General

  • Target

    2a068ccbb07f56dace44cdb6c2a0a9770e0872a147cc96baec0b5a9dabf1621e.exe

  • Size

    95KB

  • Sample

    241011-mr7ckaybke

  • MD5

    6c67b299fd790354c085e4f9daf6e0e2

  • SHA1

    f27e9b69609ed1f2fc73ee7c577fcddb3723ce21

  • SHA256

    2a068ccbb07f56dace44cdb6c2a0a9770e0872a147cc96baec0b5a9dabf1621e

  • SHA512

    491157fd0f11ebdbb394a59729477ff851feeca8758ec30ce98b05a16ce20f658c5777f9dbfdcc3619c54d0851c5ad9dbcd8a42fffd5104bdf0a4e99bfe4b06b

  • SSDEEP

    1536:FqsIaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2BteulgS6pQl:D3ZeYP+zi0ZbYe1g0ujyzdlQ

Malware Config

Extracted

Family

redline

Botnet

success 2

C2

45.200.148.61:65012

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks