Overview

overview

10

Static

static

3

1161b52500...75.exe

windows7-x64

10

1161b52500...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1161b525009e7448837a658eecc04275.exe

  • Size

    576KB

  • Sample

    250221-w2s3csypy7

  • MD5

    1161b525009e7448837a658eecc04275

  • SHA1

    2cad4c2f589760f6ae6830acb122a9d5eb9c66de

  • SHA256

    7b9c9e71110c3980f1803a7438f507eadea9b078e59a61d551e21e1cae8ad5e5

  • SHA512

    c85c524a09fc182b3472405b22372c2d6350b2df199d21805980d26215fc5ad075c41b5fdf371c3ddc85e5930e745426f21f0c7d50aa8c7114b2d3fb9451d034

  • SSDEEP

    12288:9xgmj7oTFHFO1ZhzfQiCwxRyOTBfdgZUxX18:75oTFHU1H5CwxRyu/xl

Score
10/10
redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.44:55615

Targets

    • Target

      1161b525009e7448837a658eecc04275.exe

    • Size

      576KB

    • MD5

      1161b525009e7448837a658eecc04275

    • SHA1

      2cad4c2f589760f6ae6830acb122a9d5eb9c66de

    • SHA256

      7b9c9e71110c3980f1803a7438f507eadea9b078e59a61d551e21e1cae8ad5e5

    • SHA512

      c85c524a09fc182b3472405b22372c2d6350b2df199d21805980d26215fc5ad075c41b5fdf371c3ddc85e5930e745426f21f0c7d50aa8c7114b2d3fb9451d034

    • SSDEEP

      12288:9xgmj7oTFHFO1ZhzfQiCwxRyOTBfdgZUxX18:75oTFHU1H5CwxRyu/xl

    Score
    10/10
    redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks