Overview

overview

10

Static

static

3

Injector.exe

windows7-x64

10

Injector.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b01ddfa8c5636a9af7b760a601e91ac1f29cf68ebee49c9863ac3abdbdc70c38

  • Size

    220KB

  • Sample

    241108-cs8xnsvrhl

  • MD5

    182e49edea8c5dd086f9830d68b3b6ba

  • SHA1

    5628c17be7d222a7cd4a5947ebe319158ddd7bf7

  • SHA256

    b01ddfa8c5636a9af7b760a601e91ac1f29cf68ebee49c9863ac3abdbdc70c38

  • SHA512

    a08fa5b5e0b7fe5f1dca5035ea7db929f57c8f320a5630c84af168a304bc3764901c67dbf56e0b185a4b025362f7eeddab3b846317dc60698d45cc0d0cec5992

  • SSDEEP

    6144:7AOhKGHIO23UfAQhtmZ4P/U20pxAisGdDtSIb:/hNIO23GJtmZy2FSIb

Score
10/10
redlinesectoprat@thrillyagamidiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@thrillyagami

C2

193.32.164.63:3172

Targets

    • Target

      Injector.exe

    • Size

      411KB

    • MD5

      180e8c5248c02a8bf3b4037bd7f8bc55

    • SHA1

      593f6decc4880001a4f85dfd6b76d901590b46b3

    • SHA256

      3a6151499c21be6c75b402fa11b0c5359a388cd0f99d646be176790339dc9315

    • SHA512

      2ad2ec81ce44de311a4b3ee558cdf0a188e573d04d284bb2bfaa239f7d1c80e298f46b8913aba7db5d66e1f2c263bd506638956976d1b4160366edbc54680aa3

    • SSDEEP

      6144:BEmiiXciCHxrkxzhlDv47GdmGYcTCZAOuMMMOtQjBR8PQAeJlFbCFnbPbEMy+:BpbsiCHxrkxzhlvCAftQjUIf+FbDEMy

    Score
    10/10
    redlinesectoprat@thrillyagamidiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks