General

  • Target

    2025-04-03_5b13472e8d2a610813b498ed3d9c3314_hiddentear

  • Size

    631KB

  • Sample

    250403-kpavgatses

  • MD5

    5b13472e8d2a610813b498ed3d9c3314

  • SHA1

    004de0f4ffdfe828528f493b2a883b2a91e0b01c

  • SHA256

    a0cb6d894dab0751f859185be4d59350934018c25345089129b672c87f61e031

  • SHA512

    466357cd56ef252ea1321b04cc81884324d9ef5404186930e2dc3cc0f1ca0f443fe2d0adcc85e39f51a688d3b6357268f23acaf315d588cf20e8a18290ca083a

  • SSDEEP

    12288:yulZDWT9uV2J7768pTSxpCfLJxval/j+AYJqZNdAA:oey77XuYKj+A5hA

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

160.202.133.218:54139

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that files matching them are no longer scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain locales).

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and session cookies.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
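
The PowerShell signature above is the detection-relevant behaviour on this page: an Add-MpPreference / Set-MpPreference call that carves out Defender exclusions, frequently hidden behind -EncodedCommand. The following script is an added example, not code from the sandbox report or from the RedLine or SectopRAT families, showing how a triage script would flag that tampering in process-creation events (cleartext and base64/UTF-16LE encoded forms) and match network events against the C2 extracted in the config (160.202.133.218:54139). The event dictionaries and their field names are constructed sample data for the example, not the sandbox's own log format.

```python
import base64
import binascii
import re

# Values taken from the extracted config on this report page.
REDLINE_C2_HOST = "160.202.133.218"
REDLINE_C2_PORT = 54139

# Exclusion switches accepted by Add-MpPreference / Set-MpPreference.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess", "ExclusionIpAddress")

# Cmdlet followed (anywhere later on the command line) by at least one exclusion switch.
EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-(?:" + "|".join(EXCLUSION_PARAMS) + r")\b",
    re.IGNORECASE | re.DOTALL,
)

# "-e", "-enc", "-EncodedCommand" or any other prefix of EncodedCommand, then a base64 blob.
ENCODED_RE = re.compile(r"-(e[a-z]*)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)

# Constructed sample: the encoded form PowerShell itself would produce for this command
# (base64 over UTF-16LE). Not taken from the sandbox run.
ENCODED_CMD = base64.b64encode(
    "Add-MpPreference -ExclusionProcess svchost.exe".encode("utf-16-le")
).decode()

# Constructed sample events (hypothetical field names; not the sandbox's log format).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -ExecutionPolicy Bypass -Command '
                '"Add-MpPreference -ExclusionPath C:\\Users\\Public -ExclusionExtension .exe"'},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-Process"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c powershell -enc " + ENCODED_CMD},
    {"type": "network", "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "dst": "160.202.133.218", "port": 54139},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst": "93.184.216.34", "port": 443},
]


def decode_encoded_command(cmdline):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None.

    PowerShell base64-encodes the script as UTF-16LE, so the blob must be decoded
    as UTF-16LE after base64 decoding or every other byte shows up as NUL.
    """
    for m in ENCODED_RE.finditer(cmdline):
        switch, blob = m.group(1).lower(), m.group(2)
        if not "encodedcommand".startswith(switch):
            continue  # e.g. -ExecutionPolicy: starts with "e" but is not the encoded switch
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            return None
    return None


def classify(event):
    """Return a list of finding strings for one process-creation or network event."""
    findings = []
    if event["type"] == "process":
        cmd = event["cmdline"]
        # Check both the visible command line and, if present, the decoded payload.
        for text, form in ((cmd, "cleartext"), (decode_encoded_command(cmd), "encoded")):
            if text and EXCLUSION_RE.search(text):
                hit = [p for p in EXCLUSION_PARAMS
                       if re.search(r"-" + p + r"\b", text, re.IGNORECASE)]
                findings.append(f"defender_exclusion_tamper ({form}): {', '.join(hit)}")
    elif event["type"] == "network":
        if event["dst"] == REDLINE_C2_HOST and event["port"] == REDLINE_C2_PORT:
            findings.append("redline_c2_contact")
    return findings


def scan(events):
    """Classify every event; returns one findings list per event, in input order."""
    return [classify(e) for e in events]


if __name__ == "__main__":
    for event, findings in zip(SAMPLE_EVENTS, scan(SAMPLE_EVENTS)):
        print(event["image"], "->", findings or "clean")
```

Matching on the decoded payload matters because the cleartext command line of an encoded invocation contains nothing but a base64 blob; a rule that only greps for "Add-MpPreference" in the visible command line misses it. Matching the C2 on both address and port keeps the rule tied to the extracted config rather than to any traffic to that host.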

MITRE ATT&CK Enterprise v15
