redline | 8c827810f02e75f07007ed562147c79d8c4cc1ed448d365b3a198a4f318cfa0f | Triage

Submit
Reports

Overview

overview

Static

static

3

001919e17b...47.exe

windows7-x64

001919e17b...47.exe

windows10-2004-x64

Sharing

General

Target

001919e17b2e2fee7b74dd6058658047
Size

370KB
Sample

231229-wr35ksaha9
MD5

001919e17b2e2fee7b74dd6058658047
SHA1

482f4e7165e97eee550f12d2ba5e48f407580172
SHA256

8c827810f02e75f07007ed562147c79d8c4cc1ed448d365b3a198a4f318cfa0f
SHA512

81906315de87b82a1d8e0de59556cb1d5a2e0c4fa4547ef2827bf96a0a99e0b41469d0ca9d62f405af7243b8d1745370c52838363a9389584e9e7cb8200960eb
SSDEEP

6144:g6M4Ry8+IWoa+eEuBCPBMCmi/3dz3OBE7Caok+ceM:pM4EDIWoa+eEuBCPBMCmi/3dz3OBE7Cn

Score

10^/10

redline sectoprat sel22 infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

001919e17b2e2fee7b74dd6058658047.exe

Resource

win7-20231129-en

redline sectoprat sel22 infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

001919e17b2e2fee7b74dd6058658047.exe

Resource

win10v2004-20231215-en

redline sectoprat sel22 infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sel22

C2

salkefard.xyz:80

Targets

- Target
  
  001919e17b2e2fee7b74dd6058658047
- Size
  
  370KB
- MD5
  
  001919e17b2e2fee7b74dd6058658047
- SHA1
  
  482f4e7165e97eee550f12d2ba5e48f407580172
- SHA256
  
  8c827810f02e75f07007ed562147c79d8c4cc1ed448d365b3a198a4f318cfa0f
- SHA512
  
  81906315de87b82a1d8e0de59556cb1d5a2e0c4fa4547ef2827bf96a0a99e0b41469d0ca9d62f405af7243b8d1745370c52838363a9389584e9e7cb8200960eb
- SSDEEP
  
  6144:g6M4Ry8+IWoa+eEuBCPBMCmi/3dz3OBE7Caok+ceM:pM4EDIWoa+eEuBCPBMCmi/3dz3OBE7Cn
Score

10^/10

redline sectoprat sel22 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratsel22infostealerrattrojan

behavioral2

redlinesectopratsel22infostealerrattrojan

© 2018-2024

Terms | Privacy