redline | e4d67649c7704c50925bcd3fe6ac345cba54d118407f28f6550b398671b0284e | Triage

Submit
Reports

Overview

overview

Static

static

4622038cc2...e3.exe

windows7-x64

4622038cc2...e3.exe

windows10-2004-x64

Sharing

General

Target

4622038cc281fbc35d0cfce6c5a595e3.exe
Size

95KB
Sample

240804-t38hbsthja
MD5

4622038cc281fbc35d0cfce6c5a595e3
SHA1

6f68e253ba656556e0eac9c4dafe6fdadb4c39f9
SHA256

e4d67649c7704c50925bcd3fe6ac345cba54d118407f28f6550b398671b0284e
SHA512

f5114998a7cfb51a7dec1477b2b3a026fd5a504ac9d4a16bb761ae09fe55074468944a5aaf7c66ed5c67aefdab2b62ca544a3b22ac7d245a0c9ffd11a8c298f3
SSDEEP

1536:Oqs+EqJ8lbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed29teulgS6pc:sDukY/+zi0ZbYe1g0ujyzdZc

Score

10^/10

redline sectoprat blackhatrussia.com clean credential_access discovery infostealer rat spyware stealer trojan

Static task

static1

blackhatrussia.com clean redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

4622038cc281fbc35d0cfce6c5a595e3.exe

Resource

win7-20240704-en

redline sectoprat blackhatrussia.com clean credential_access discovery infostealer rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4622038cc281fbc35d0cfce6c5a595e3.exe

Resource

win10v2004-20240802-en

redline sectoprat blackhatrussia.com clean credential_access discovery infostealer rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

blackhatrussia.com clean

C2

51.89.201.41:29254

Targets

- Target
  
  4622038cc281fbc35d0cfce6c5a595e3.exe
- Size
  
  95KB
- MD5
  
  4622038cc281fbc35d0cfce6c5a595e3
- SHA1
  
  6f68e253ba656556e0eac9c4dafe6fdadb4c39f9
- SHA256
  
  e4d67649c7704c50925bcd3fe6ac345cba54d118407f28f6550b398671b0284e
- SHA512
  
  f5114998a7cfb51a7dec1477b2b3a026fd5a504ac9d4a16bb761ae09fe55074468944a5aaf7c66ed5c67aefdab2b62ca544a3b22ac7d245a0c9ffd11a8c298f3
- SSDEEP
  
  1536:Oqs+EqJ8lbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed29teulgS6pc:sDukY/+zi0ZbYe1g0ujyzdZc
Score

10^/10

redline sectoprat blackhatrussia.com clean credential_access discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

blackhatrussia.com cleanredlinesectoprat

behavioral1

redlinesectopratblackhatrussia.com cleancredential_accessdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratblackhatrussia.com cleancredential_accessdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy