redline | 910ceaeb607b44cc583482a828050d8696b7c80fd6bfc15f67889f1f37fe7491 | Triage

Submit
Reports

Overview

overview

Static

static

3

9912cf587f...48.exe

windows7-x64

9912cf587f...48.exe

windows10-2004-x64

Sharing

General

Target

9912cf587f9d8f6063661385aa36a848
Size

1.1MB
Sample

231219-zjmpeabdc9
MD5

9912cf587f9d8f6063661385aa36a848
SHA1

df2694a1f0cb34ead48f3f8574c423ded693a7fa
SHA256

910ceaeb607b44cc583482a828050d8696b7c80fd6bfc15f67889f1f37fe7491
SHA512

6c68f87fd4dacd2fa479f4fdf3bafd1af0804e38cf3cc257d8ec153c9e7c280f7ffe4adc0ea6c000514d15e869bade73eb9e6812fddd5eeedd5c3d8c9009c2f9
SSDEEP

24576:ncoKwrldiMNtn2bzPBKWghvHSLx7vWSbJ4ZS0POeyqNMsKqvbW:ncoKovtn2BvghPox7dbJc46NLvb

Score

10^/10

redline sectoprat build infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9912cf587f9d8f6063661385aa36a848.exe

Resource

win7-20231215-en

redline sectoprat build infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

9912cf587f9d8f6063661385aa36a848.exe

Resource

win10v2004-20231215-en

redline sectoprat build infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

build

C2

92.119.115.229:48282

Targets

- Target
  
  9912cf587f9d8f6063661385aa36a848
- Size
  
  1.1MB
- MD5
  
  9912cf587f9d8f6063661385aa36a848
- SHA1
  
  df2694a1f0cb34ead48f3f8574c423ded693a7fa
- SHA256
  
  910ceaeb607b44cc583482a828050d8696b7c80fd6bfc15f67889f1f37fe7491
- SHA512
  
  6c68f87fd4dacd2fa479f4fdf3bafd1af0804e38cf3cc257d8ec153c9e7c280f7ffe4adc0ea6c000514d15e869bade73eb9e6812fddd5eeedd5c3d8c9009c2f9
- SSDEEP
  
  24576:ncoKwrldiMNtn2bzPBKWghvHSLx7vWSbJ4ZS0POeyqNMsKqvbW:ncoKovtn2BvghPox7dbJc46NLvb
Score

10^/10

redline sectoprat build infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratbuildinfostealerrattrojan

behavioral2

redlinesectopratbuildinfostealerrattrojan

© 2018-2024

Terms | Privacy