redline | 1f9843ff169fa572bc715c398ccb74e6d04232ae9a2f23d964d839bea5a94cae | Triage

Submit
Reports

Overview

overview

Static

static

1

Discord Lo...V4.exe

windows7-x64

Discord Lo...V4.exe

windows10-2004-x64

Sharing

General

Target

Discord Logger V4.exe
Size

191KB
Sample

230223-3cjwqahd87
MD5

f1a5d668b65f4db0c423ed6e9239e217
SHA1

17d986b65eef4389f0c311730a06ff062499adf1
SHA256

1f9843ff169fa572bc715c398ccb74e6d04232ae9a2f23d964d839bea5a94cae
SHA512

ea3f14a32718e4002cde81c5a32384d6ccfc6206571425fd0ac47dcddb5dfc7a9d7a836dcba6360e06f7a2faa88ab4efe3b6d7dab24c66abd1579b9065eaac0c
SSDEEP

3072:7OvZrP9bo8BdUayvjKRTtTO2NMmBM155t3S9CuVkXGsG4Ii+qJAmx8:7OBrFbo8BdE1sMnvSEkkvG4kquh

Score

10^/10

redline sectoprat cheat infostealer rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Discord Logger V4.exe

Resource

win7-20230220-en

redline sectoprat cheat infostealer rat spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Discord Logger V4.exe

Resource

win10v2004-20230220-en

redline sectoprat cheat infostealer rat spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

83.150.217.106:26463

Targets

- Target
  
  Discord Logger V4.exe
- Size
  
  191KB
- MD5
  
  f1a5d668b65f4db0c423ed6e9239e217
- SHA1
  
  17d986b65eef4389f0c311730a06ff062499adf1
- SHA256
  
  1f9843ff169fa572bc715c398ccb74e6d04232ae9a2f23d964d839bea5a94cae
- SHA512
  
  ea3f14a32718e4002cde81c5a32384d6ccfc6206571425fd0ac47dcddb5dfc7a9d7a836dcba6360e06f7a2faa88ab4efe3b6d7dab24c66abd1579b9065eaac0c
- SSDEEP
  
  3072:7OvZrP9bo8BdUayvjKRTtTO2NMmBM155t3S9CuVkXGsG4Ii+qJAmx8:7OBrFbo8BdE1sMnvSEkkvG4kquh
Score

10^/10

redline sectoprat cheat infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerratspywaretrojan

behavioral2

redlinesectopratcheatinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy