redline | a5da5bcb68b919ac7a1d6c5ffea14901229d84e7ca48b50694f6f3afcf2d3437 | Triage

Submit
Reports

Overview

overview

Static

static

3

acaf74510a...43.exe

windows7-x64

acaf74510a...43.exe

windows10-2004-x64

Sharing

General

Target

acaf74510a18be564e27a2c97662ae43
Size

329KB
Sample

231219-1qzg8abefq
MD5

acaf74510a18be564e27a2c97662ae43
SHA1

aed6d15e616099ebac8ec5b1bc8638413fa8fcdb
SHA256

a5da5bcb68b919ac7a1d6c5ffea14901229d84e7ca48b50694f6f3afcf2d3437
SHA512

9988f645fcfc2855408c3973b32e576dc3cc2e19a2a393f16bf5bffe28b168bed96cc844b3878a105f5018064617761d8c2734c56cab7b470e47c3f45af0a3ea
SSDEEP

6144:mop8Jvgx8TA3W/zOGe7T2EWmpIJ+nRk87WgtPyHRbJEZWeQ2Ey/i7jkY/HeYA1Fw:moS4x8TA3GnG2dmdRk8ttWtJ4EnjV/Ht

Score

10^/10

redline sectoprat build infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

acaf74510a18be564e27a2c97662ae43.exe

Resource

win7-20231215-en

redline sectoprat build infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

acaf74510a18be564e27a2c97662ae43.exe

Resource

win10v2004-20231215-en

redline sectoprat build infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

build

C2

185.244.182.136:51832

Attributes

auth_value
275ce2c87153d4e8e3cc276c686a93de

Targets

- Target
  
  acaf74510a18be564e27a2c97662ae43
- Size
  
  329KB
- MD5
  
  acaf74510a18be564e27a2c97662ae43
- SHA1
  
  aed6d15e616099ebac8ec5b1bc8638413fa8fcdb
- SHA256
  
  a5da5bcb68b919ac7a1d6c5ffea14901229d84e7ca48b50694f6f3afcf2d3437
- SHA512
  
  9988f645fcfc2855408c3973b32e576dc3cc2e19a2a393f16bf5bffe28b168bed96cc844b3878a105f5018064617761d8c2734c56cab7b470e47c3f45af0a3ea
- SSDEEP
  
  6144:mop8Jvgx8TA3W/zOGe7T2EWmpIJ+nRk87WgtPyHRbJEZWeQ2Ey/i7jkY/HeYA1Fw:moS4x8TA3GnG2dmdRk8ttWtJ4EnjV/Ht
Score

10^/10

redline sectoprat build infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratbuildinfostealerrattrojan

behavioral2

redlinesectopratbuildinfostealerrattrojan

© 2018-2024

Terms | Privacy