redline | bf82785d05512cf87b68786d825bb01052fb28f7feb2d71a78f55728785e9481 | Triage

Submit
Reports

Overview

overview

Static

static

1

93acd7f68e...32.exe

windows7-x64

93acd7f68e...32.exe

windows10-2004-x64

Sharing

General

Target

93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032.zip
Size

7.5MB
Sample

230328-kt2trabg4y
MD5

71dc384f1862027b410a30c12c076242
SHA1

53e16533e924f19be7ebb55e66ceb29538e06ec8
SHA256

bf82785d05512cf87b68786d825bb01052fb28f7feb2d71a78f55728785e9481
SHA512

59614315c1dd357ba521378902e9d57bc1ad4c01de248cd3d1689a6039d6ebbfce634d90d116e76e7a7af93a7d663d0dd745dad5045bc9864f32a3b8f8424b2f
SSDEEP

196608:4TdoAiBTz+V38DUK0cwQdCQ0vt8TSbWDHJLzLjp4aX+:u0dz+b3QIZvLSJz6au

Score

10^/10

redline sectoprat cheat infostealer pyinstaller rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032.exe

Resource

win7-20230220-en

redline sectoprat cheat infostealer pyinstaller rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032.exe

Resource

win10v2004-20230221-en

redline sectoprat cheat infostealer pyinstaller rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

127.0.0.1:1639

Targets

- Target
  
  93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032
- Size
  
  7.5MB
- MD5
  
  99dd387a62cb879c2aba502e556a6c93
- SHA1
  
  67ec4c2873787998a05ee62751384eb1a9b8a677
- SHA256
  
  93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032
- SHA512
  
  48e3a912e03e633375b4a1372e951aa7c2348f29a420bba1a5df354d8c26415b6bbbbea5707008d72dfd087a87d19996ec58b394c413ffdb296b1a8ec592b09d
- SSDEEP
  
  196608:G+QDCeRpnhgR/BQ+/Svwj47kuTkGfxDlDl:n6MQ+/SvwOvY4
Score

10^/10

redline sectoprat cheat infostealer pyinstaller rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Account Manipulation

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerpyinstallerrattrojan

behavioral2

redlinesectopratcheatinfostealerpyinstallerrattrojan

© 2018-2024

Terms | Privacy