blankgrabber | 7fd20dd1ce4c8e54f077ef9880dd8794158fc2406d66b7656e239f798eacfeee

General

Target

Nuker 1.2.exe
Size

6.0MB
Sample

241209-j3l9zs1qay
MD5

ea52bb50895e85eba81d29a84318cb62
SHA1

198d852c2baf2304e44da82e4ba74d591cf31776
SHA256

7fd20dd1ce4c8e54f077ef9880dd8794158fc2406d66b7656e239f798eacfeee
SHA512

8bbc5061f167f36deea84a909e1df87ac67a53e04195874f6892b73b37a0a79285ed945ae509972721a85c0df1cf5207486978ba870965810d9de8014e87f0f7
SSDEEP

98304:UAmoDUN43W5NjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6ag1Rjtj4:UAumWDOjmFwDRxtYSHdK34kdai7bN3mz

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

mamut

C2

185.241.208.73:18430

Targets

- Target
  
  Nuker 1.2.exe
- Size
  
  6.0MB
- MD5
  
  ea52bb50895e85eba81d29a84318cb62
- SHA1
  
  198d852c2baf2304e44da82e4ba74d591cf31776
- SHA256
  
  7fd20dd1ce4c8e54f077ef9880dd8794158fc2406d66b7656e239f798eacfeee
- SHA512
  
  8bbc5061f167f36deea84a909e1df87ac67a53e04195874f6892b73b37a0a79285ed945ae509972721a85c0df1cf5207486978ba870965810d9de8014e87f0f7
- SSDEEP
  
  98304:UAmoDUN43W5NjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6ag1Rjtj4:UAumWDOjmFwDRxtYSHdK34kdai7bN3mz
Score

10^/10

upx redline sectoprat mamut discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  �r� �_.pyc
- Size
  
  857B
- MD5
  
  17329d1b9218461171654c85ce0b28f0
- SHA1
  
  0900a4f3014fc31055b776a06c8a773894fcbf1c
- SHA256
  
  98eb1fad7ffe9370ab327db1b8669da78e38a15efcf83f39444a0860eec4f05d
- SHA512
  
  1886767d399a078c62835659bea9dbb74cb85ab1bce8aeaf17dbe46a765fdd12333fd05803f302fe6a91b2d2890ceef2a56c54a42bf6a65c867da4b95999c3ee
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4