General

  • Target

    8bb2330716103069cb5071a4b6ecc28ee02113a5becca122ac1938df89801361

  • Size

    1.1MB

  • Sample

    241111-mwj3tsxnfy

  • MD5

    67a36c63280c3d6e40fc4679f541b369

  • SHA1

    917a1e688201dbecde18c35b6620661231a25888

  • SHA256

    8bb2330716103069cb5071a4b6ecc28ee02113a5becca122ac1938df89801361

  • SHA512

    3b282043e20dbc9e65437aef91d661bb2301a0991cce91e442ab5dc8fd36820a340f8316aaa55caca6ca9ccdc851b249e846418febe4500c69b7da2ef4046ace

  • SSDEEP

    12288:87osIbm076miJH8bWzQVjn58YD2XcK6Xksu6TkFBEimDNe/4yFkryYjNzYzoBvl/:eosv7hj0hXFRUI4/Zkeo9N6+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    11

  • C2

    vigasiergu.xyz:80

Targets

    • Target

      SetupPro_R1.exe

    • Size

      1.1MB

    • MD5

      ab619a2ccbab2c5f3df2f6e53a47b224

    • SHA1

      45e1aa1cacf636cf75ca9ec5d06cc77e87019c40

    • SHA256

      fc6ded4effe32e8e5a392ddc9e73b54c11bed343d7981daa3393c3bffe058abc

    • SHA512

      fab90bdc1cf52288c81384b1eec7d544b3d472ce6fa0c899076f93ef00e8f06b03d296cb380f3839d02d5f01a9a4ba5440dafc4632dfbac32c8ae21e1c13c5a8

    • SSDEEP

      24576:siaaWD24cuYYbT9tfc1NaQH1NR9d07FE5z5ONAWBPttJVi0jh78H4D:slaWFB7nT2N3rREFEgftJVj/

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      09c2e27c626d6f33018b8a34d3d98cb6

    • SHA1

      8d6bf50218c8f201f06ecf98ca73b74752a2e453

    • SHA256

      114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1

    • SHA512

      883454bef7b6de86d53af790755ae624f756b48b23970f865558ba03a5aecfa8d15f14700e92b3c51546e738c93e53dc50b8a45f79ef3f00aa84382853440954

    • SSDEEP

      96:pBNUBGfVwhcAlhPRJAixx+3eDEsgcBbcB/NFyVOHd0+uisX4:qBGfV5AlJJfFgcBbcB/N8Ved0P

    Score
    3/10

MITRE ATT&CK Enterprise v15