Multiple Malware Dropped Through MSI Package

Aug. 14, 2024, 11:44 a.m.

Description

This analysis covers an MSI installer package used to drop two malware families, SectopRAT and the Redline stealer. Once installed, the malware runs malicious scripts, disables security features and establishes persistence through scheduled tasks, and it beacons to command-and-control servers located in the Russian Federation. The investigation underscores the need for caution when handling untrusted software packages.

Date

Published: Aug. 14, 2024, 11:14 a.m.
Created: Aug. 14, 2024, 11:14 a.m.
Modified: Aug. 14, 2024, 11:44 a.m.

Indicators

7808f3aea222cdbec2e53b126f46195f4523e9501882b94e0cd42e30f8484f32

69cad2bf6d63dfc93b632cfd91b5182f14b5140da22f9a0ce82c8b459ad76c38

38c233b38ef1838666ce7204f41349d0ba9431ea4b23fdb05f915cc7a09ff7be

193.3.19.108

83.97.73.190

213.109.202.229

http://83.97.73.190:4819

http://193.3.19.108/bart.jpg

http://213.109.202.229:9000/wbinjget?q=6DDE74FFD397B5FB346F9CA050F6095C

http://193.3.19.108/Meta.jpg
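The indicators above are most useful when swept against proxy logs and file-hash inventories. The following Python script is an added example written for this page, not code from the original report or from the analysis it summarizes. The hash, IP and URL values are copied from the list above; the log format, the sample log lines and the observed file hashes are constructed. It assumes, which the page does not state, that the `q=` value in the `wbinjget` URL is victim-specific, so it matches C2 URLs on host, port and path only and reports a bare known-host hit (same C2 address, unknown path) as a separate, lower-confidence tier.

```python
"""Offline IOC sweep for the SectopRAT / Redline MSI campaign on this page.

Added example, not part of the original report. Indicator values are
copied from the page; the log format, sample log lines and sample file
hashes are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Indicators from the page.
HASHES = {
    "7808f3aea222cdbec2e53b126f46195f4523e9501882b94e0cd42e30f8484f32",
    "69cad2bf6d63dfc93b632cfd91b5182f14b5140da22f9a0ce82c8b459ad76c38",
    "38c233b38ef1838666ce7204f41349d0ba9431ea4b23fdb05f915cc7a09ff7be",
}
IPS = {"193.3.19.108", "83.97.73.190", "213.109.202.229"}
URLS = {
    "http://83.97.73.190:4819",
    "http://193.3.19.108/bart.jpg",
    "http://213.109.202.229:9000/wbinjget?q=6DDE74FFD397B5FB346F9CA050F6095C",
    "http://193.3.19.108/Meta.jpg",
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def url_key(target):
    """Reduce a URL, or a bare host:port CONNECT target, to (host, port, path).

    The query string is deliberately dropped: the q=<hex> value in the
    wbinjget URL looks victim-specific (assumption, not stated on the page),
    so matching on it exactly would miss other hosts talking to the endpoint.
    """
    if "://" not in target:
        target = "//" + target  # urlsplit only sees a netloc after //
    parts = urlsplit(target)
    host = (parts.hostname or "").lower()
    try:
        port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    except ValueError:  # malformed port in a log line; do not crash the sweep
        port = None
    return host, port, parts.path


URL_KEYS = {url_key(u) for u in URLS}

# Constructed proxy log format: "<timestamp> <client> <method> <target> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$"
)


def classify_target(target):
    """'url' for an exact host/port/path hit, 'ip' for a known C2 host on an
    unknown path, None for no match."""
    key = url_key(target)
    if key in URL_KEYS:
        return "url"
    if key[0] in IPS:
        return "ip"
    return None


def sweep_proxy_log(text):
    """Return (timestamp, client, tier, target) for every matching log line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        tier = classify_target(m["target"])
        if tier:
            hits.append((m["ts"], m["client"], tier, m["target"]))
    return hits


def match_hashes(observed):
    """Case-insensitive intersection of observed SHA-256 values with the page's hashes."""
    return {h.strip().lower() for h in observed} & HASHES


# Constructed sample data: one infected client (10.0.0.12) and one clean one.
SAMPLE_PROXY_LOG = """\
2024-08-14T09:02:11Z 10.0.0.12 GET http://193.3.19.108/Meta.jpg 200
2024-08-14T09:02:13Z 10.0.0.12 GET http://193.3.19.108/bart.jpg 200
2024-08-14T09:03:40Z 10.0.0.12 GET http://213.109.202.229:9000/wbinjget?q=0123456789ABCDEF0123456789ABCDEF 200
2024-08-14T09:04:02Z 10.0.0.12 GET http://193.3.19.108/update.bin 404
2024-08-14T09:05:00Z 10.0.0.44 GET http://example.com/index.html 200
2024-08-14T09:05:21Z 10.0.0.12 CONNECT 83.97.73.190:4819 200
"""
SAMPLE_FILE_HASHES = [
    "7808F3AEA222CDBEC2E53B126F46195F4523E9501882B94E0CD42E30F8484F32",  # uppercase copy
    "00" * 32,  # unrelated file
]

if __name__ == "__main__":
    for hit in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print(" ".join(hit))
    print("hash hits:", sorted(match_hashes(SAMPLE_FILE_HASHES)))
```

Run against a real export by replacing the sample strings with file contents; the `ip` tier is worth keeping separate from `url` hits in triage, since a known C2 address serving an unlisted path is exactly what a second-stage download or a rotated payload name would look like.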

Attack Patterns

SectopRAT

Redline

T1569.002 (System Services: Service Execution)

T1053.005 (Scheduled Task/Job: Scheduled Task)

T1037 (Boot or Logon Initialization Scripts)

T1064 (Scripting; deprecated, now covered by T1059)

T1059.005 (Command and Scripting Interpreter: Visual Basic)

T1059.003 (Command and Scripting Interpreter: Windows Command Shell)

T1059.001 (Command and Scripting Interpreter: PowerShell)

T1059.007 (Command and Scripting Interpreter: JavaScript)

T1219 (Remote Access Software)

T1036 (Masquerading)

T1027 (Obfuscated Files or Information)

T1112 (Modify Registry)

Additional Information

Russian Federation (location of the command-and-control servers)