General

  • Target

    2025-04-02_63b60ae67da8b10796b0c91d2f9a2de2_agent-tesla_formbook_hiddentear_xloader

  • Size

    679KB

  • Sample

    250402-evwq8s1vfw

  • MD5

    63b60ae67da8b10796b0c91d2f9a2de2

  • SHA1

    9e15f3db157bc8c57dfd4442ffbcb57b17a8ffef

  • SHA256

    b5e4582459f04b0cad1536690f96bdb740d487788bc831f18fc8eecf14261e92

  • SHA512

    ecba888bd0dd4bf53a93a0db5d8173a18a8c1e1b8b4d2de36faf2ed578e9781b6f94336bc705c6d3435cb5470c12c4abfa0f03df4d8679a7f73e94d52cef0a25

  • SSDEEP

    12288:QvtMlZdojk17xdpckAsxK4RJV/JIigbyHPlAxfdAA:st34nbckw4p/JIigbuaxFA

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

23.105.161.229:21522

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
