General

  • Target

    6a94b94ba557d5d85a1da20213d48974.bin

  • Size

    764KB

  • Sample

    240907-bqrpyaxepp

  • MD5

    fa850e27619787557e59bd0cf0e0f02b

  • SHA1

    36082d33e7a42801a928029d2e86754f48c32121

  • SHA256

    411473e358a25b181bcc0084596555f8418887c02c3d7bca021a76dc98758be5

  • SHA512

    c68fb7bda4abbbc8f6f215b87c030a12f5ba9a020b8943b72897f193f0df8d71083bab714eecfef676c884059e47104fd5235d875a3eb3221f9f4b3b0f05c816

  • SSDEEP

    12288:dPGAKVxwzogn5Q2Y0lnPckCYF0QM0ciK4ppT5CvgRSD6x9LGJLSreRMX1b0OIMhP:3iGlFnPcgF0QStKObDbS2MXxWcsS6VEP

Malware Config

Extracted

Family

redline

Botnet

deepweb

C2

91.92.253.107:1334

Targets

    • Target

      e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd.exe

    • Size

      2.1MB

    • MD5

      6a94b94ba557d5d85a1da20213d48974

    • SHA1

      a311aa3a9243849b883867fa3d772e4c4e95d080

    • SHA256

      e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd

    • SHA512

      a246f8f4341a144f4946179c518fea833dbec7e40c69023e10687f85d97c28e1851334f20260069c0d6500ecb859c2e2553b4492cda22c6145966bc893a54c74

    • SSDEEP

      24576:kik8FMmBmInQorsb2d4abb3+RaiHmd/on97e5oX5QOGXI+sYSkX:Xk8JB5nQYsbY4abb3j/onlGYAS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks