Overview

overview

10

Static

static

3

66ee1296c7...4d.exe

windows7-x64

10

66ee1296c7...4d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66ee1296c7d034b5d2613b39f1771fd699c38ae66c65812045a3f9cc52853d4d

  • Size

    378KB

  • Sample

    241109-jsqjnazmb1

  • MD5

    ce217dc9a9c02f02432d322e2d9893a0

  • SHA1

    c64b8933d1cda36d481b8067b17f490eb7e2ab94

  • SHA256

    66ee1296c7d034b5d2613b39f1771fd699c38ae66c65812045a3f9cc52853d4d

  • SHA512

    34de3cb50569bcccb47335b147f1568f33f1ad31ee32e828fbb6dbcf3b91f4d2b23a7cda191c2512e20a1587176ed60397ac3d3feb584a16d63b97d3e70aeff2

  • SSDEEP

    6144:2ahUfR1GdCLElxr3sJf46CxF7r8vwoPQWt4m:BhsR1GdCLE7r3Qf46CxF7r8vwoPQWt4m

Score
10/10
redlinesectoprat@chmoeblan1discoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@chmoeblan1

C2

51.254.69.209:48987

Targets

    • Target

      66ee1296c7d034b5d2613b39f1771fd699c38ae66c65812045a3f9cc52853d4d

    • Size

      378KB

    • MD5

      ce217dc9a9c02f02432d322e2d9893a0

    • SHA1

      c64b8933d1cda36d481b8067b17f490eb7e2ab94

    • SHA256

      66ee1296c7d034b5d2613b39f1771fd699c38ae66c65812045a3f9cc52853d4d

    • SHA512

      34de3cb50569bcccb47335b147f1568f33f1ad31ee32e828fbb6dbcf3b91f4d2b23a7cda191c2512e20a1587176ed60397ac3d3feb584a16d63b97d3e70aeff2

    • SSDEEP

      6144:2ahUfR1GdCLElxr3sJf46CxF7r8vwoPQWt4m:BhsR1GdCLE7r3Qf46CxF7r8vwoPQWt4m

    Score
    10/10
    redlinesectoprat@chmoeblan1discoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks