redline | b8a047e3cd4389b70d5328f8828567ecfd7d308aaa8023f27d2eae441c8b2c05 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEW ORDER ...df.exe

windows7-x64

7

NEW ORDER ...df.exe

windows10-2004-x64

Sharing

General

Target

NEW ORDER SAMPLE LITS.pdf.exe
Size

829KB
Sample

230719-klcvnaah3y
MD5

29ab96aab2936a83493071d8bbd1152b
SHA1

c0ffbc52934f45ac5de2af1bc545a11f3d961713
SHA256

b8a047e3cd4389b70d5328f8828567ecfd7d308aaa8023f27d2eae441c8b2c05
SHA512

25a083b2b89d96b6aa10a280e82e2837d6d0659e3d33c16528b87210df5022e5264588e93246fdbedef9ad2bb8410a88c7e7ed302bf93c938f26292b4d72f06a
SSDEEP

12288:f3DkEGDINi1EwkG8/sHWihcD8hwbL8tN2cEFLjGPSciSYoIjYtl0xzyuxHHmC5:/DkUNi1EvGVWD8u8EGac3YoIxpV5

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEW ORDER SAMPLE LITS.pdf.exe

Resource

win7-20230712-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEW ORDER SAMPLE LITS.pdf.exe

Resource

win10v2004-20230703-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.95.168.223:55615

Targets

- Target
  
  NEW ORDER SAMPLE LITS.pdf.exe
- Size
  
  829KB
- MD5
  
  29ab96aab2936a83493071d8bbd1152b
- SHA1
  
  c0ffbc52934f45ac5de2af1bc545a11f3d961713
- SHA256
  
  b8a047e3cd4389b70d5328f8828567ecfd7d308aaa8023f27d2eae441c8b2c05
- SHA512
  
  25a083b2b89d96b6aa10a280e82e2837d6d0659e3d33c16528b87210df5022e5264588e93246fdbedef9ad2bb8410a88c7e7ed302bf93c938f26292b4d72f06a
- SSDEEP
  
  12288:f3DkEGDINi1EwkG8/sHWihcD8hwbL8tN2cEFLjGPSciSYoIjYtl0xzyuxHHmC5:/DkUNi1EvGVWD8u8EGac3YoIxpV5
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy