Overview

overview

10

Static

static

3

DOCUSIGN_0...DF.exe

windows7-x64

10

DOCUSIGN_0...DF.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eec7f068324c6e768570df081709347e9d2ff309add8f8f74aa23fe3f08ac8b0

  • Size

    554KB

  • Sample

    241105-ll91ts1ndp

  • MD5

    e3a13d849b73df0c24b0b2c55977344b

  • SHA1

    7e50522d7965ea444e0c2e8e1cc5fb2d98cbdc8f

  • SHA256

    eec7f068324c6e768570df081709347e9d2ff309add8f8f74aa23fe3f08ac8b0

  • SHA512

    b765e754e87b13b1d70b0a2038c058f1b2a58c59039b6de7c345e9aa68296e7400a0110d9933877fc3ef3a6d39e7f67c16975bd1b08cfcd24a814d930c623d2d

  • SSDEEP

    12288:KShjT5h9mBjYXCmmA7FVsoatvquGkNMECfglGngZUrKFYrLF7Le0:KSFTVmWXC4FVAtCIsfglGaOK0l

Score
10/10
redlinesectopratdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

C2

ballablaq957.duckdns.org:36100

Targets

    • Target

      DOCUSIGN_00988766483647362PDF.exe

    • Size

      711KB

    • MD5

      bf209ba4ae02bbe417fd2156c300d8ef

    • SHA1

      ffb2dbff1324fb1d196c04b0fa343881875173f6

    • SHA256

      98461ea447a9f8dc6b2d2f3a612d424bd0761ddffa94344766fce5ca6e0a378a

    • SHA512

      3bcb55cd5d9a8087eebe75201d521bd5612bd203562a077fcab8d9a24dff78f1af6217af80ed7b9f67337e3578a60ab9d6bdfc56f3b9d04469921a1528bcb10b

    • SSDEEP

      12288:+AmtiK5ozLsAN4H9OeNikPur3GlZ9F/1mbT4euKxQSiyyjK:n+FozbfeskmClZL/MvuKKd8

    Score
    10/10
    redlinesectopratdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks