redline | f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8 | Triage

Submit
Reports

Overview

overview

Static

static

1

usfive_202...05.exe

windows7-x64

usfive_202...05.exe

windows10-2004-x64

1

Resubmissions

21-02-2023 12:00

230221-n6fzlagf2s 10

21-10-2021 09:05

211021-k16raaaaf6 10

Sharing

General

Target

usfive_20211021-084805
Size

337KB
Sample

230221-n6fzlagf2s
MD5

a371cb8030ecb71c1246359e86e45fe6
SHA1

8cc4982a22d833799906bd8c9616385142386407
SHA256

f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8
SHA512

8875fb83ce689f5f8dced5cbde2e40cdc9adfbf716f34770bdc747e0ef47d3766c91c1c9c30a1638381617e47bf8650d4909b24822e957102cffc5aa58338100
SSDEEP

6144:0AW7N8YRaM/mfYE3p8YngaiZEN6RwMlkO/ZZof9KgTIADG8el:097N8YRz/iB+YnmwMlBxZyTxD

Score

10^/10

redline sectoprat netlyvpn evadav infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

usfive_20211021-084805.exe

Resource

win7-20230220-en

redline sectoprat netlyvpn evadav infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

usfive_20211021-084805.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

netlyvpn evadav

C2

94.103.9.181:25749

Attributes

auth_value
2f7acec700c0507cc87a24aafe1c92fb

Targets

- Target
  
  usfive_20211021-084805
- Size
  
  337KB
- MD5
  
  a371cb8030ecb71c1246359e86e45fe6
- SHA1
  
  8cc4982a22d833799906bd8c9616385142386407
- SHA256
  
  f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8
- SHA512
  
  8875fb83ce689f5f8dced5cbde2e40cdc9adfbf716f34770bdc747e0ef47d3766c91c1c9c30a1638381617e47bf8650d4909b24822e957102cffc5aa58338100
- SSDEEP
  
  6144:0AW7N8YRaM/mfYE3p8YngaiZEN6RwMlkO/ZZof9KgTIADG8el:097N8YRz/iB+YnmwMlBxZyTxD
Score

10^/10

redline sectoprat netlyvpn evadav infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratnetlyvpn evadavinfostealerrattrojan

behavioral2

© 2018-2024

Terms | Privacy