General
-
Target
6bb9ca971bd9a34a23e4bbd4824104717f36dd5d98fec3fbc46288936abc4e0a
-
Size
545KB
-
Sample
240702-2g9r9stbma
-
MD5
b144263f1544b3c38b487f72480c47d0
-
SHA1
8d9412b8691ab44fd3fd102d09ec69641488062d
-
SHA256
6bb9ca971bd9a34a23e4bbd4824104717f36dd5d98fec3fbc46288936abc4e0a
-
SHA512
dfb4ecabe3b18c425db729ccf7be435c71f044805942e275d2186e504fb6290a69476dfa4c333b95803968215ef1a36a23c25ab7526080e9eb51bed4a30e7d50
-
SSDEEP
12288:4cHkOsjSANT3ukfErMyy9ij/iuM/JCnC1UzhM3ymEylLMkR:4bbjFT3ukcc9ij/8CC1GhM3xft
Malware Config
Extracted
redline
cheat
45.137.22.124:55615
Targets
-
-
Target
6bb9ca971bd9a34a23e4bbd4824104717f36dd5d98fec3fbc46288936abc4e0a
-
Size
545KB
-
MD5
b144263f1544b3c38b487f72480c47d0
-
SHA1
8d9412b8691ab44fd3fd102d09ec69641488062d
-
SHA256
6bb9ca971bd9a34a23e4bbd4824104717f36dd5d98fec3fbc46288936abc4e0a
-
SHA512
dfb4ecabe3b18c425db729ccf7be435c71f044805942e275d2186e504fb6290a69476dfa4c333b95803968215ef1a36a23c25ab7526080e9eb51bed4a30e7d50
-
SSDEEP
12288:4cHkOsjSANT3ukfErMyy9ij/iuM/JCnC1UzhM3ymEylLMkR:4bbjFT3ukcc9ij/8CC1GhM3xft
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-