Overview

overview

10

Static

static

3

b8fc501eb3...28.exe

windows7-x64

10

b8fc501eb3...28.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8fc501eb333ec3e8e4aa801e739f119ffe667a77f6f7476e2543da1b1c3fb28.exe

  • Size

    719KB

  • Sample

    241123-ywdrlatnew

  • MD5

    cb1ec5ba1074408e40bcdcfd7ec3d52e

  • SHA1

    650511091c20d144e6674b0aa6256dddb08cbe71

  • SHA256

    b8fc501eb333ec3e8e4aa801e739f119ffe667a77f6f7476e2543da1b1c3fb28

  • SHA512

    300dd5ac177afdb99f5aa8bb2c510b09ac9ab96e8969304a70cada0af57afd7003ebbbf5cad67ad632268da2c0469e12da407fddc01e746e2f7de319c093ab1f

  • SSDEEP

    6144:A7Ye0biFuvf739mHQQjpbjpS8qTh7ph6juyk4xVPEacuFO+KMMmC+Jau7TObunel:A7YbvfQrR21rN/Fu9b4Ng7Fw

Score
10/10
redlinesectoprat1.0.2.0discoveryexecutioninfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

1.0.2.0

C2

185.183.32.227:51498

Attributes
  • auth_value

    aae45f951b3721694f220729d6c8896b

Targets

    • Target

      b8fc501eb333ec3e8e4aa801e739f119ffe667a77f6f7476e2543da1b1c3fb28.exe

    • Size

      719KB

    • MD5

      cb1ec5ba1074408e40bcdcfd7ec3d52e

    • SHA1

      650511091c20d144e6674b0aa6256dddb08cbe71

    • SHA256

      b8fc501eb333ec3e8e4aa801e739f119ffe667a77f6f7476e2543da1b1c3fb28

    • SHA512

      300dd5ac177afdb99f5aa8bb2c510b09ac9ab96e8969304a70cada0af57afd7003ebbbf5cad67ad632268da2c0469e12da407fddc01e746e2f7de319c093ab1f

    • SSDEEP

      6144:A7Ye0biFuvf739mHQQjpbjpS8qTh7ph6juyk4xVPEacuFO+KMMmC+Jau7TObunel:A7YbvfQrR21rN/Fu9b4Ng7Fw

    Score
    10/10
    redlinesectoprat1.0.2.0discoveryexecutioninfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks