Overview

overview

10

Static

static

1

NeonHack v.1.9.1.exe

windows7-x64

10

NeonHack v.1.9.1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d645f2ed2602d1a11bd073ff1a8a6fbb689d52effd18586849f47416a52a1453

  • Size

    164KB

  • Sample

    241109-nyhs8atfmg

  • MD5

    b3e9a73e6124904b939fbbca6a12b42f

  • SHA1

    7c78f6c438ed4a64a5b638a7f71bb6d1a13bcbce

  • SHA256

    d645f2ed2602d1a11bd073ff1a8a6fbb689d52effd18586849f47416a52a1453

  • SHA512

    191da8a8d51a8f1f8964ffc363bed5b0f14515fedf9d8e70a5d4fcb254d2eff31692b02cd8ff6214f65bf01e20e9c06af45da5c0e2fa74f689d11653e56036f5

  • SSDEEP

    3072:zjLxzFppP4rAxE7kI+EjrBxnwnyfFq/GjdpbAN8xuwc06G3LCYp1WeioyN:rxDpgr0pEvBhwGmGRpU8xA06G3zxXw

Score
10/10
redlinesectoprat3discoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

3

C2

45.88.107.116:44061

Targets

    • Target

      NeonHack v.1.9.1.exe

    • Size

      497KB

    • MD5

      8eef6d2361a4ba46c76fc7390211ef50

    • SHA1

      80d740edde7fffbd05ebaafbcf6d7bb8a02ad016

    • SHA256

      8a269b9cb003cde07e1b18b16cc59384343be9a9cb5ab71cb6f82ee5e2cd130b

    • SHA512

      95ce5f64b443158c2c5cce1d43431a099257c5d49e52d8a17f178df32c69c143ad0d46c8682cc4ff521639c05fc44bdd0ce414f994087cfd524f9d0d9d021513

    • SSDEEP

      6144:e33nzsAF7YrlbTyeaheHhpz85ka+wxdLsb/:OjsAF7YrlbO3hi9wsj

    Score
    10/10
    redlinesectoprat3discoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks