Overview

overview

10

Static

static

3

eff20fcad4...0d.exe

windows7-x64

10

eff20fcad4...0d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    229454af40bef8d07cb0b7131d08b9409c65d84d46b5441b0c7bdffe284a9122

  • Size

    274KB

  • Sample

    240902-d7rsda1ajq

  • MD5

    6c8e2d8f672a59465a8d1a2bd279b508

  • SHA1

    5dff896179cc8a097fe01379c3e524d6cc220b52

  • SHA256

    229454af40bef8d07cb0b7131d08b9409c65d84d46b5441b0c7bdffe284a9122

  • SHA512

    a9872fd2547ce798f24dae12995910e3f982f04da42efe78a6d0cedfb6d28c832085c38a16f1d3f94a9ec1e9a4117d9a9fef64daf0e8085547f586d38a14a60b

  • SSDEEP

    6144:wgRzwg49e5IVUUXsR1gYtIzb0vzNfeDIl530O7C5wHpMCmAeoDJa:zzwg44ccRGY4YbmIl530O7PiMJa

Score
10/10
redlinesectopratutsdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.182:52236

Attributes
  • auth_value

    a272f3a2850ec3dccdaed97234b7c40e

Targets

    • Target

      eff20fcad43e1285078db09eda1eadab4df557e79a0e58ebeff959c79455ff0d

    • Size

      366KB

    • MD5

      171c94ac2297a47e836f3665aeacff8d

    • SHA1

      6d40df340304405a1c79a192b41a35b7417247f4

    • SHA256

      eff20fcad43e1285078db09eda1eadab4df557e79a0e58ebeff959c79455ff0d

    • SHA512

      c4a5715dc204423d23a224e740028d4f0439b0c076b6c5ad7bc3b86fde8b77115b7ce43aebd3ace8751b4ac1322fc4bfe3ccd61f96df79de1c89dd4c525be4f2

    • SSDEEP

      6144:wijnTUAx2iswvh4hQwbq+Z+CKOF3N+0l1D2qX7tNfVXVHQLIiu8cfo0/pWm:wiLTUAx9hhC+C1++2wZGEX8cA0/Mm

    Score
    10/10
    redlinesectopratutsdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks