General

  • Target

    e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd.exe

  • Size

    2.1MB

  • Sample

    240906-b9n36azfqb

  • MD5

    6a94b94ba557d5d85a1da20213d48974

  • SHA1

    a311aa3a9243849b883867fa3d772e4c4e95d080

  • SHA256

    e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd

  • SHA512

    a246f8f4341a144f4946179c518fea833dbec7e40c69023e10687f85d97c28e1851334f20260069c0d6500ecb859c2e2553b4492cda22c6145966bc893a54c74

  • SSDEEP

    24576:kik8FMmBmInQorsb2d4abb3+RaiHmd/on97e5oX5QOGXI+sYSkX:Xk8JB5nQYsbY4abb3j/onlGYAS

Malware Config

Extracted

Family

redline

Botnet

deepweb

C2

91.92.253.107:1334

Targets

    • Target

      e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd.exe

    • Size

      2.1MB

    • MD5

      6a94b94ba557d5d85a1da20213d48974

    • SHA1

      a311aa3a9243849b883867fa3d772e4c4e95d080

    • SHA256

      e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd

    • SHA512

      a246f8f4341a144f4946179c518fea833dbec7e40c69023e10687f85d97c28e1851334f20260069c0d6500ecb859c2e2553b4492cda22c6145966bc893a54c74

    • SSDEEP

      24576:kik8FMmBmInQorsb2d4abb3+RaiHmd/on97e5oX5QOGXI+sYSkX:Xk8JB5nQYsbY4abb3j/onlGYAS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks