redline | 90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300
Size

205KB
Sample

230220-hys2ashd9v
MD5

b3503746bb7f1d30755c9f4a26ce0a2c
SHA1

2490c2a6b3fad0711993c8bb16aab2d21cefac6f
SHA256

90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300
SHA512

142841d0e5a51212af7f7ae6cd083eb5daa2e5542f3c8294524ff8c722a4dcbe8462bf647f928ba3b3edb4d36638a4be5a83ad5762e9b8e66429f6006901b72c
SSDEEP

1536:pqsEFqJklbG6jejoigIg43Ywzi0Zb78ivombfexv0ujXyyed2AtmulgS6pG3OkzB:HYScYg+zi0ZbYe1g0ujyzdspkzLQW

Score

10^/10

redline sectoprat 1877 discovery infostealer rat spyware stealer trojan

Static task

static1

1877 redline sectoprat

4 signatures

Behavioral task

behavioral1

Sample

90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300.exe

Resource

win10v2004-20221111-en

redline sectoprat 1877 discovery infostealer rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1877

C2

overthinker1877.duckdns.org:60732

Targets

- Target
  
  90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300
- Size
  
  205KB
- MD5
  
  b3503746bb7f1d30755c9f4a26ce0a2c
- SHA1
  
  2490c2a6b3fad0711993c8bb16aab2d21cefac6f
- SHA256
  
  90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300
- SHA512
  
  142841d0e5a51212af7f7ae6cd083eb5daa2e5542f3c8294524ff8c722a4dcbe8462bf647f928ba3b3edb4d36638a4be5a83ad5762e9b8e66429f6006901b72c
- SSDEEP
  
  1536:pqsEFqJklbG6jejoigIg43Ywzi0Zb78ivombfexv0ujXyyed2AtmulgS6pG3OkzB:HYScYg+zi0ZbYe1g0ujyzdspkzLQW
Score

10^/10

redline sectoprat 1877 discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

1877redlinesectoprat

behavioral1

redlinesectoprat1877discoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy