redline | 200f2a3dd32cc7f7c39bac79d6cab48bf040fb4900254db5dcb65e8796b09246 | Triage

Submit
Reports

Overview

overview

Static

static

3

ba9dcc325c...c1.exe

windows7-x64

ba9dcc325c...c1.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2211a370844148eeb489ad79ca40636abin_JC.zip
Size

309KB
Sample

231006-p54vpsbf5x
MD5

29ad19a5364b7a091181bb7f7089b024
SHA1

3bf136d021afdbfecfc2df37c4114198ba0eb8c9
SHA256

200f2a3dd32cc7f7c39bac79d6cab48bf040fb4900254db5dcb65e8796b09246
SHA512

4b1ed0375dcdb3594c840b4a3b53b7c1a7ff23d78c7d81050548ff84ca29026ca8e8a7bdf0f165e345c732b8e6a542f455deab298cbec805dd347d375e9fa2ce
SSDEEP

6144:eAkUyuj+Zux3pk+sgkN7/+Vam3JKvugtou06lpxhvLOooDUd:CUBj+uCJp7QFgtou9lBL7oY

Score

10^/10

redline sectoprat andi infostealer rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba9dcc325c94223a3a6b86a32e1b45a23cf61af6b360a678008c2f0e2a69a5c1.exe

Resource

win7-20230831-en

redline sectoprat andi infostealer rat spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba9dcc325c94223a3a6b86a32e1b45a23cf61af6b360a678008c2f0e2a69a5c1.exe

Resource

win10v2004-20230915-en

redline sectoprat andi infostealer rat spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

andi

C2

155.94.136.249:45715

Targets

- Target
  
  ba9dcc325c94223a3a6b86a32e1b45a23cf61af6b360a678008c2f0e2a69a5c1.exe
- Size
  
  405KB
- MD5
  
  2211a370844148eeb489ad79ca40636a
- SHA1
  
  bd25bc951d7c609bdd40ddfdb13533fe5facb4fd
- SHA256
  
  ba9dcc325c94223a3a6b86a32e1b45a23cf61af6b360a678008c2f0e2a69a5c1
- SHA512
  
  64f22905c739ea14b7bcdd0575caa7794e0f151223099f5680016680c2f99f83805a19cf128618a9077b35d3a95f3a2b013077fe91324e77b3d6e8fa99bfd9db
- SSDEEP
  
  6144:65EuZhFKEW5iVlV1Q8jWA2pdpcX4hGRQhE9EsU5TqhMcOUdFfEsuABNueCgq:6pZhFSinvQ8jWA2psoh4+bssTTSuAJq
Score

10^/10

redline sectoprat andi infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratandiinfostealerratspywaretrojan

behavioral2

redlinesectopratandiinfostealerratspywaretrojan

© 2018-2025

Terms | Privacy