Overview

overview

10

Static

static

3

4b7975e973...88.exe

windows7-x64

10

4b7975e973...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b7975e97347f349683aca4bbcddd995583eb1de753ab7adb91a203618c44c88.exe

  • Size

    452KB

  • Sample

    241123-qlbkgssjbj

  • MD5

    083734650620e38264f0342d2b161999

  • SHA1

    560640cd6cb1b91207627a68cefd332acd4d6188

  • SHA256

    4b7975e97347f349683aca4bbcddd995583eb1de753ab7adb91a203618c44c88

  • SHA512

    5504105cf49251781d44e30daa9d23da33da0ea47c83356a5dac2eb257df5c880eac3bfc76287c8b6bc34ea2774b742b9d4ea936e445e6c030b369682b4d032b

  • SSDEEP

    3072:oZhCweW0VQGzby81JVRLabd8WQv0MJXfyABDwf8PkZ5GfqPQ0Jc:osWyzcR8W3uXfyAeZdPQ0Jc

Score
10/10
redlinesectopratvalorantdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

valorant

C2

103.246.145.160:60489

Targets

    • Target

      4b7975e97347f349683aca4bbcddd995583eb1de753ab7adb91a203618c44c88.exe

    • Size

      452KB

    • MD5

      083734650620e38264f0342d2b161999

    • SHA1

      560640cd6cb1b91207627a68cefd332acd4d6188

    • SHA256

      4b7975e97347f349683aca4bbcddd995583eb1de753ab7adb91a203618c44c88

    • SHA512

      5504105cf49251781d44e30daa9d23da33da0ea47c83356a5dac2eb257df5c880eac3bfc76287c8b6bc34ea2774b742b9d4ea936e445e6c030b369682b4d032b

    • SSDEEP

      3072:oZhCweW0VQGzby81JVRLabd8WQv0MJXfyABDwf8PkZ5GfqPQ0Jc:osWyzcR8W3uXfyAeZdPQ0Jc

    Score
    10/10
    redlinesectopratvalorantdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks