General
-
Target
https://dosya.co/u0jtlrjg80h4/Petras_RedlineStealer.rar.html
-
Sample
250124-pbhelsxpaw
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
cheat
C2
127.0.0.1:1337
Extracted
Family
oski
C2
Eddd.Ultihost.Net
Targets
-
-
Target
https://dosya.co/u0jtlrjg80h4/Petras_RedlineStealer.rar.html
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Oski family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Sectoprat family
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1