General

  • Target

    018b18c7a4eb9376de254027fdfcebc106521d8846e0b804834b1ce529d9b72d

  • Size

    2.2MB

  • Sample

    241111-j6rzmswhjb

  • MD5

    5f5739494b3aa9099911644e9ce84596

  • SHA1

    355682247188515d8b112914b10fd6a3362dcc43

  • SHA256

    018b18c7a4eb9376de254027fdfcebc106521d8846e0b804834b1ce529d9b72d

  • SHA512

    4d824e4abb34a475c6eca7dc2ac78d3133042410604b9aa0f3db81181ca8769df7a61d936c25d45e5517c141be880d7442ee11fd8403931d6b17b0223489f2e2

  • SSDEEP

    49152:lvn88zdwZPSTBodP8SG/jvfZ+qJhl7iZQ4JkKoK1L:JLzdB6dP8NbZ+ktiZt/bL

Malware Config

Extracted

Family

redline

Botnet

installbot_mix2

C2

185.118.165.94:15838

Extracted

Family

redline

Botnet

Chasemafia1

C2

185.234.247.50:55567

Targets

    • Target

      mixazed_20210807-151551

    • Size

      289KB

    • MD5

      3fc4dfb2c8515c0eb2a41b94f03f40ea

    • SHA1

      1841ccb39d226d81e0c04c42e19c940e61724a44

    • SHA256

      7ffa8bab81bbda872bf64eeaf9d512f8079375df031387e16e1d059b8651a51b

    • SHA512

      929ea5c6750a98ca178aafcbdb47c4fe7f7f545fb8d2b4583c0a562b836ef5887ca57ed781b7aa3168d062f6c10d6564ca961d476c052da7bc2a83d343b7525c

    • SSDEEP

      6144:jLJqF0B+U+IyFHrkQlyNmUeqHZrRg2HjTwa/RxJg:j1qF0kfIyhrbPUeARrNY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      mixazed_20210807-153130

    • Size

      289KB

    • MD5

      0fd6165db6f69b3c19a698a44db5f82f

    • SHA1

      ff2bda233511f6d73d1683172b352bf519a96f4e

    • SHA256

      75346dcf49a714db71876bd970874e3868943b42350670a1c0af5df63716d6e9

    • SHA512

      4e10328f8ead6830366845ec45a58dedae0d05140fefc20859e49adc32c979649ae311eebb7d4f115db394925b1c3b4de605ef3f2d02d3c75809538efdf013b0

    • SSDEEP

      6144:JLUmbdceU1MRuP55LVeFHK6gSScorRgs4jTwa/RxJg:JAmxceU1MRAeFHKDSSRRsY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      mixazed_20210807-154710

    • Size

      289KB

    • MD5

      9bfa606f671bd2073588c7af93efb584

    • SHA1

      ffb6a199430ad095e40768f414243665cb4c5baf

    • SHA256

      24646be55f95e34a779b67b33d0d08bbea3c3d8c0aa18d5c09d6c5da2422dc1d

    • SHA512

      4bcda8b1805f91d49075f4a7af16f3893c3f248aeb4a4bb0f63e2e48c5b9ab5b8cdac588c121f7cf1e256f555a6c6b17ddc6148a37211276df1762c5daaa6854

    • SSDEEP

      6144:ALyroTPoGGnBEZzEQrRg337jTwa/RxJg:AmrGPohEZzJRUY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      mixazed_20210807-160303

    • Size

      289KB

    • MD5

      58e513977574036ca3c11019e011b086

    • SHA1

      acb5377e1234a0b18a3b4b7cc84961dee630ca48

    • SHA256

      2d7a7e1f392aa84e9fae8fe9a7d804cd2073306302509c4ec680f55566b48c50

    • SHA512

      e5f25f83311e0c93f4e2c07d64deb38fb196e55a904c589025aa3cf8b21e5fb57a313405db5ec4697d56237379438a381e07d567a43ff744c58c9647b42258f0

    • SSDEEP

      6144:GLyQh7nyUB2dR7CzKPxbxvGJLWIgdvrRgWewjTwa/RxJg:GmqDyUAFCK5bswRveMY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      mixazed_20210807-161852

    • Size

      289KB

    • MD5

      05593a3c534c64e7cb79f8b49deecf12

    • SHA1

      79fafbe7a5ffd159e21178fac63d21635aec9207

    • SHA256

      6af089a788718217c83c20030234d2d793838f5ed2ab0915cded3696ca111ec1

    • SHA512

      1d6643451b88be5495f031262048fff9df2ccc6ef9a7f06263430478aebb1f3c100d8cc746b42d1e7de3e443bc1b5f12b60ebc8ff1cb697ccf9ec9b4f388c677

    • SSDEEP

      6144:AL0eS7KYJdWiC7UdkpHxL550R4orRgUjTwa/RxJg:AgeyyUdkpHxL550PRtY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      mixazed_20210807-191104

    • Size

      309KB

    • MD5

      a9f4cdcf52c4a9b18f6526d51d538613

    • SHA1

      5e37658ad45301796637c18d29ea6b11a42ba477

    • SHA256

      077536d7f31229e9561557c5233fd4834784532a3c300c64f377220f42c3c4eb

    • SHA512

      35a9818ed6c588bd9f9f845f1649248d91d805fa207a79b9d9cd8391db3dd983d61d7f2a3bc4f5c5fa87ecf6dd76ab4fd557d622d99d2e484ed6a083031ec3dc

    • SSDEEP

      6144:Vh48kk+Ieou/DzPbJp+tCYNrRgiHjTwa/RxJg:Vh9v+DDjURJY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      usfive_20210807-153148

    • Size

      289KB

    • MD5

      48f1e7fcb47aba2b519d0329f022df1d

    • SHA1

      2db448231b806cb00d6b217c3ee85fe90ec38e65

    • SHA256

      35dc39442f579da9b99f151727969ad84f42d9c2a9fa521500acc67030df7345

    • SHA512

      9a84eb5eeee7a84ac80bc56b9816d1fd7f0fb2d681426495b71c9aa689a4296d236f775bae3d85d8411fb738d281f67a90a13bc21056892a472bde248679931d

    • SSDEEP

      6144:oLJwZ/zSaGwa2zRaQHXt4kNB6qYkF/UrRgCoXjTwa/RxJg:o1g/zYazRaQ35B6qJURS9Y

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      usfive_20210807-172148

    • Size

      289KB

    • MD5

      f6326a0afdb465f87f68f2fb43f1374f

    • SHA1

      a8e35dcc4e301b1e56901d006e615658781b91e1

    • SHA256

      21824c2a22e8e260fbe9f0cbc44fb5feaee5d9d48a38b6bb6e8a93a7ed6f09ec

    • SHA512

      e7379b2dc8303c9955f5a4d73dc67a5d1a3ffda0a3602a770c4339ed4da1df1b3dc17e436b2abd57d8a1aad0a01f149cb7077f094128bd48eb6046327c4e7a20

    • SSDEEP

      6144:sLEBD4EQu1Nq4Ap9JKT/OlsJIpBrRgJjTwa/RxJg:swBD7Qoz0bKfIDRyY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      usfive_20210807-180844

    • Size

      290KB

    • MD5

      19b35249cd35d4a1b08cef5542df0e86

    • SHA1

      53a178d009eedbc1b3039fba7f67a7b57c636f91

    • SHA256

      255b8ee6e2c5742a707570725ee205ee59b35c97e3db7d2693fb91d136554429

    • SHA512

      e37da95d817ef9d5b094a026267a6a86086b191a2cc671911e76525250b5b671613c17f5ee70959754a5a066ef594f3af5e89158646b03c7a78bc696a93c3152

    • SSDEEP

      6144:8i9hm+8i6irP2WNITvvu9puEN4xQYKrRg5zjTwa/RxJg:8Ehq2PQquTQPRMJY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Target

      usfive_20210807-192702

    • Size

      308KB

    • MD5

      50e0c6a2194df9ba54ef9ad3fc29898a

    • SHA1

      30e350cbf3eb7159dc19295c227e1ef9f7f6ae20

    • SHA256

      f600c1f67327a3d2bbaeb1ab283ae1cfc3aa645b732cd62c9398c7a427b05bb6

    • SHA512

      46894f6e51eedcd696049363bbce8efe46665bc85358cd7fb5676da6bc9cad76c4e963a9432a2c252cee5170ac666da2b8725e796445e0ac7b5cbe1c414cb06c

    • SSDEEP

      6144:3kQ1Xi9TVdU5LbY6eQAOrRgU/2ejTwa/RxJg:3k+6TVdybb/REKY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks

  • static1

    Score: 3/10

  • behavioral1

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral2

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral3

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral4

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral5

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral6

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral7

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral8

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral9

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral10

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral11

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral12

    Tags: redline, sectoprat, installbot_mix2, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral13

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral14

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral15

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral16

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral17

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral18

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral19

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10

  • behavioral20

    Tags: redline, sectoprat, chasemafia1, discovery, infostealer, rat, trojan
    Score: 10/10