redline | f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e | Triage

Submit
Reports

Overview

overview

Static

static

1

Order_conf...67.exe

windows7-x64

Order_conf...67.exe

windows10-2004-x64

Sharing

General

Target

Order_confirmation#278367.exe
Size

117KB
Sample

230401-hn7rpshh41
MD5

b63f8266a958beb581b25b95a6b54040
SHA1

fb1193a13211cc4677e41417addf4f8fc3de9049
SHA256

f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
SHA512

d8525b12347c9fea9320134f672ff3e40d1bd091a2cd004ac06c11236da9a43de0e1e657711bd06e01dc49d9f0b8c8f3ea8ff6869a2cd4e3a09a6866ebd30821
SSDEEP

3072:lnRIZA8/VwWYwXMYiG1IibG3gZ+e4j1FyYHVo17:lnuASw2NpbT807

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order_confirmation#278367.exe

Resource

win7-20230220-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order_confirmation#278367.exe

Resource

win10v2004-20230220-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

adm1234.duckdns.org:20603

Targets

- Target
  
  Order_confirmation#278367.exe
- Size
  
  117KB
- MD5
  
  b63f8266a958beb581b25b95a6b54040
- SHA1
  
  fb1193a13211cc4677e41417addf4f8fc3de9049
- SHA256
  
  f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
- SHA512
  
  d8525b12347c9fea9320134f672ff3e40d1bd091a2cd004ac06c11236da9a43de0e1e657711bd06e01dc49d9f0b8c8f3ea8ff6869a2cd4e3a09a6866ebd30821
- SSDEEP
  
  3072:lnRIZA8/VwWYwXMYiG1IibG3gZ+e4j1FyYHVo17:lnuASw2NpbT807
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy