General

  • Target

    bd9c7fc40fa376b53d23750021bc645ade1e4215a1265b1fc50665b01562b12f.exe

  • Size

    2.2MB

  • Sample

    240818-nccp3s1dke

  • MD5

    28da65bb6b3dd33f53235b6ff67d6d89

  • SHA1

    f3ff50dcb640b58ab824b2de80c9c5721ed0fe9f

  • SHA256

    bd9c7fc40fa376b53d23750021bc645ade1e4215a1265b1fc50665b01562b12f

  • SHA512

    a887a6e72f6556d350da084e0b71fe5b822cb7f057469bcc2b11c581cc182688a8f783fc5de600f16c6d7682ecde4659fb662162d76979303eb3e8432ed50e94

  • SSDEEP

    49152:DrasJSuxF9rdUbJ2wMt7QjKuBQucLPSVd1JScFptNYUy3/R1Xy9:DxD6vpw+YUS/R1i9

Malware Config

Extracted

Family

redline

Botnet

Newest

C2

77.90.44.31:65012

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • UAC bypass

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15