Overview

overview

10

Static

static

3

a348717d7e...de.exe

windows7-x64

3

a348717d7e...de.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0063ed8218003f8f81ebdfa87dc8fd3f18af4d0e

  • Size

    538KB

  • Sample

    241107-sc227avarb

  • MD5

    998a023e511cfe41453a3e7dd268a8bc

  • SHA1

    0063ed8218003f8f81ebdfa87dc8fd3f18af4d0e

  • SHA256

    b3ebbdbb32feadd65f0272e15d7c6d891653870515957ebf1a70a4570e5a8fe6

  • SHA512

    4e095b74e9539c354aa5f1694c62dc0f13143bd5ddfe412a90e8db463fdf3a9ba1522ec5d80b5179047893ced54d40fcdf0e315f32d809ff06f81b16af34a918

  • SSDEEP

    12288:F3HSHBovQaVCtz4OmVwWUIBHZTt/LGXBInRsWa3Je1dIreBhE:F3HSH6vQaV9yIBHht/yxoRvyreBhE

Score
10/10
redlinesectopratxldiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

XL

C2

163.123.143.229:50230

Targets

    • Target

      a348717d7eb23c235b0e9dacc38b5f4612634b9f811ffaa1c43c9c515f2729de

    • Size

      2.4MB

    • MD5

      be9445e450c925bf89e59d752cd40440

    • SHA1

      c9b8d7f6d4d0ec4d735c50f35d5d3b22770ffe55

    • SHA256

      a348717d7eb23c235b0e9dacc38b5f4612634b9f811ffaa1c43c9c515f2729de

    • SHA512

      4b83c7c9fcd3dead5cbe9afc60191f31e8cf31c146b1215671af68b9e1a96f3848ada956220faeed18ee892bf238e40499178a99f320312e687c7fdefdf3c841

    • SSDEEP

      12288:ryJ0qcSwAR1ipxRZvRex0OPKk3Ls87oLUa1l+5bM/qOeBW8t:uMzec8t

    Score
    10/10
    discoveryredlinesectopratxlinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks