Multiple Malware Dropped Through MSI Package
Aug. 14, 2024, 11:44 a.m.
Description
An analysis reveals the distribution of malware through an MSI package, specifically SectopRAT and Redline stealer. The malware employs techniques such as executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-control servers located in Russia. The investigation underscores the importance of exercising caution when dealing with untrusted software packages.
Date
Published: Aug. 14, 2024, 11:14 a.m.
Created: Aug. 14, 2024, 11:14 a.m.
Modified: Aug. 14, 2024, 11:44 a.m.
Indicators
Attack Patterns
SectopRAT
Redline
T1569.002
T1053.005
T1037
T1064
T1059.005
T1059.003
T1059.001
T1059.007
T1219
T1036
T1027
T1112
Additional Information
Russian Federation