redline | 59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
Size

95KB
Sample

230421-qfzp5ahe8y
MD5

7f6ce8b34ed2ea784c3f051258853941
SHA1

9d864fa66a782d3973c2eb0176ba16a86503d3ca
SHA256

59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
SHA512

1613af32238877d361e70d4f9a2e69a36244675d09f63535a8a7d066855e5f36ca3b640a1805c263bc4f4ecc3d75899efed5c2dd8c4a2f3963e49fb90be1e13f
SSDEEP

1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2X3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdLY

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

cheat redline sectoprat

4 signatures

Behavioral task

behavioral1

Sample

59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af.exe

Resource

win10v2004-20230220-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

62.108.37.195:16060

Targets

- Target
  
  59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
- Size
  
  95KB
- MD5
  
  7f6ce8b34ed2ea784c3f051258853941
- SHA1
  
  9d864fa66a782d3973c2eb0176ba16a86503d3ca
- SHA256
  
  59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
- SHA512
  
  1613af32238877d361e70d4f9a2e69a36244675d09f63535a8a7d066855e5f36ca3b640a1805c263bc4f4ecc3d75899efed5c2dd8c4a2f3963e49fb90be1e13f
- SSDEEP
  
  1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2X3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdLY
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

cheatredlinesectoprat

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy