Overview

overview

10

Static

static

3

8aff3d560e...3b.exe

windows7-x64

10

8aff3d560e...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8aff3d560eb4e4550f839bb25a23f33b.exe

  • Size

    445KB

  • Sample

    250102-gakjkswkht

  • MD5

    8aff3d560eb4e4550f839bb25a23f33b

  • SHA1

    e531081a7b1697ebf78e9d696d3794cf569d4346

  • SHA256

    55c9a76d39d5d236202271d56bdf3e8357fc1b15458030a46a628e6ab4443bce

  • SHA512

    76cd25086287b70b53f5f4d674c1fa3b1b49c5e3c94e45134b7b989d1d3cfd8ac96983a0da0e081fd2c39a328e9313b6fac9c10b01b386c16948a336fb084658

  • SSDEEP

    12288:5b5pP4Tbe1LsRU8z0gS5trj6kR3iOjbzTVGg:p5pP4TbYq0gSPxQMVGg

Score
10/10
redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

154.91.34.250:14555

Targets

    • Target

      8aff3d560eb4e4550f839bb25a23f33b.exe

    • Size

      445KB

    • MD5

      8aff3d560eb4e4550f839bb25a23f33b

    • SHA1

      e531081a7b1697ebf78e9d696d3794cf569d4346

    • SHA256

      55c9a76d39d5d236202271d56bdf3e8357fc1b15458030a46a628e6ab4443bce

    • SHA512

      76cd25086287b70b53f5f4d674c1fa3b1b49c5e3c94e45134b7b989d1d3cfd8ac96983a0da0e081fd2c39a328e9313b6fac9c10b01b386c16948a336fb084658

    • SSDEEP

      12288:5b5pP4Tbe1LsRU8z0gS5trj6kR3iOjbzTVGg:p5pP4TbYq0gSPxQMVGg

    Score
    10/10
    redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks