redline | d11e908a52a5e59e1b562477071a0eea0b1400a4468d506036ead82f3bfffafe | Triage

Submit
Reports

Overview

overview

Static

static

3

0d4a1bf449...ae.exe

windows7-x64

0d4a1bf449...ae.exe

windows10-2004-x64

Sharing

General

Target

0d4a1bf4499f0c9cf1c18f2b9fe49cae.exe
Size

523KB
Sample

231225-em8qtsfcf9
MD5

0d4a1bf4499f0c9cf1c18f2b9fe49cae
SHA1

8934cdbe0e81b7d7065dc7b77b969e6254314c97
SHA256

d11e908a52a5e59e1b562477071a0eea0b1400a4468d506036ead82f3bfffafe
SHA512

387d124040deb179514953078bd48f0a5cbbe714f64b5155942a597d51aa18d6305c809c2375587c85f095877e39605aec33fe7632b3a588bdc22bf0baec9f9f
SSDEEP

12288:K2bn8tvQ8F4p4pTcxOjpzbjduHgkI0mAHg:G9pMOdLduAkZmA

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0d4a1bf4499f0c9cf1c18f2b9fe49cae.exe

Resource

win7-20231215-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d4a1bf4499f0c9cf1c18f2b9fe49cae.exe

Resource

win10v2004-20231215-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.98:55615

Targets

- Target
  
  0d4a1bf4499f0c9cf1c18f2b9fe49cae.exe
- Size
  
  523KB
- MD5
  
  0d4a1bf4499f0c9cf1c18f2b9fe49cae
- SHA1
  
  8934cdbe0e81b7d7065dc7b77b969e6254314c97
- SHA256
  
  d11e908a52a5e59e1b562477071a0eea0b1400a4468d506036ead82f3bfffafe
- SHA512
  
  387d124040deb179514953078bd48f0a5cbbe714f64b5155942a597d51aa18d6305c809c2375587c85f095877e39605aec33fe7632b3a588bdc22bf0baec9f9f
- SSDEEP
  
  12288:K2bn8tvQ8F4p4pTcxOjpzbjduHgkI0mAHg:G9pMOdLduAkZmA
Score

10^/10

redline sectoprat cheat infostealer rat trojan discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy