redline | 55deb19da531e80ad41f3a41a1d9bd0d47ad1d6f9451a599008b388d5c145d84 | Triage

Submit
Reports

Overview

overview

Static

static

1

f1293c371b...6e.exe

windows7-x64

f1293c371b...6e.exe

windows10-2004-x64

Sharing

General

Target

9747743518.zip
Size

101KB
Sample

230328-px215sba93
MD5

8d9d78cd1339e5b75f03060b04d508fe
SHA1

c4decad31ff32824b18c87b33c069b16568303ab
SHA256

55deb19da531e80ad41f3a41a1d9bd0d47ad1d6f9451a599008b388d5c145d84
SHA512

d17a550252fbb30f1064b9ba14349232b967cef858b98371ee0d517b320a9f1fda897ca583dc34de7909b736c25cae6749cbfce129e3d7325d00b5ccdc680518
SSDEEP

3072:Q2OW0hz0KxFDvZ9vVWizdlsANeyeViSryLh:Q2OeyFDLdWEswKrgh

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e.exe

Resource

win7-20230220-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e.exe

Resource

win10v2004-20230220-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

adm1234.duckdns.org:20603

Targets

- Target
  
  f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
- Size
  
  117KB
- MD5
  
  b63f8266a958beb581b25b95a6b54040
- SHA1
  
  fb1193a13211cc4677e41417addf4f8fc3de9049
- SHA256
  
  f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
- SHA512
  
  d8525b12347c9fea9320134f672ff3e40d1bd091a2cd004ac06c11236da9a43de0e1e657711bd06e01dc49d9f0b8c8f3ea8ff6869a2cd4e3a09a6866ebd30821
- SSDEEP
  
  3072:lnRIZA8/VwWYwXMYiG1IibG3gZ+e4j1FyYHVo17:lnuASw2NpbT807
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy