redline | d66aa5d9471168e262c16636a54de48022b6f75b622f8d1faf74c31087ef9964 | Triage

Submit
Reports

Overview

overview

Static

static

1

3d5f4a6a06...e2.exe

windows7-x64

3d5f4a6a06...e2.exe

windows10-2004-x64

Sharing

General

Target

3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2.zip
Size

7.2MB
Sample

230329-r61wjsad2s
MD5

4ea9c69a064252d4938f1a13fa2f47f5
SHA1

e6d38869c2fbf53ea8dc5e16d0493d652ea0ac25
SHA256

d66aa5d9471168e262c16636a54de48022b6f75b622f8d1faf74c31087ef9964
SHA512

162e02cca59e3c273140cc09ae39c8507d6aeecee6d508b48bec757ce3b3bf295d81b5c92ccc5b59bbadf2108aa3537c7fdf22a772f5964fbf6e094b2a8d8188
SSDEEP

196608:hHdF2nfEUmkUl9pl9geWBXkQvqQ4xGn07xa:NdqfEDpXr938ZvhnQa

Score

10^/10

redline sectoprat cheat infostealer pyinstaller rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2.exe

Resource

win7-20230220-en

redline sectoprat cheat infostealer pyinstaller rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2.exe

Resource

win10v2004-20230220-en

redline sectoprat cheat infostealer pyinstaller rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.141.215.79:1639

Targets

- Target
  
  3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2
- Size
  
  7.2MB
- MD5
  
  7212e623e04d3427364e7f00a95bf932
- SHA1
  
  5f8e0384cf7c209d804d9b10e3d2281a9c391fe7
- SHA256
  
  3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2
- SHA512
  
  3a2ac1111eaaf17475235ee233819286848c45bb2d69a42803fde15f4ae609f63120ca3a9f945b80af1a7c565941e81513ecb90ef9ea1320240c81f77091f7df
- SSDEEP
  
  196608:r+QDCeRpnhgR/BQ+/Svwj47kuTkGfxDlDlAs:s6MQ+/SvwOvY4
Score

10^/10

redline sectoprat cheat infostealer pyinstaller rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Account Manipulation

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerpyinstallerrattrojan

behavioral2

redlinesectopratcheatinfostealerpyinstallerrattrojan

© 2018-2024

Terms | Privacy