redline | 1a1b1cc4d900f960e0ae57926ef52be14940839f197e3ee35186f2a02e27c36c | Triage

Submit
Reports

Overview

overview

Static

static

3

35646f78de...6b.exe

windows7-x64

35646f78de...6b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

35646f78deb6f9bfe8119b82fd71d06b.exe
Size

1.3MB
Sample

240102-s22sqaggfm
MD5

35646f78deb6f9bfe8119b82fd71d06b
SHA1

3a238282aad1e842a7c08f77fd21d546f2c22f03
SHA256

1a1b1cc4d900f960e0ae57926ef52be14940839f197e3ee35186f2a02e27c36c
SHA512

68d67471b9c96e82e217c358e24f4f84b90b2e1ad787c8281dfda9a6e9d0456cbe8513b5b301f864c55f887b658c7ee5b177c5a070335e2508a74e3ad1cd59c2
SSDEEP

3072:NjySjYUVNCkrZRpekfuwaQSNgLztFn3gwq2O+dm58gCp3D9qp9PYBSrDuyboo7E:weLvCkrZR1fuwXSNgP/3gwq2dm58qrC

Score

10^/10

redline sectoprat @deadsonye infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35646f78deb6f9bfe8119b82fd71d06b.exe

Resource

win7-20231215-en

redline sectoprat @deadsonye infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

35646f78deb6f9bfe8119b82fd71d06b.exe

Resource

win10v2004-20231215-en

redline sectoprat @deadsonye infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@deadsonye

C2

ierinapu.xyz:80

Targets

- Target
  
  35646f78deb6f9bfe8119b82fd71d06b.exe
- Size
  
  1.3MB
- MD5
  
  35646f78deb6f9bfe8119b82fd71d06b
- SHA1
  
  3a238282aad1e842a7c08f77fd21d546f2c22f03
- SHA256
  
  1a1b1cc4d900f960e0ae57926ef52be14940839f197e3ee35186f2a02e27c36c
- SHA512
  
  68d67471b9c96e82e217c358e24f4f84b90b2e1ad787c8281dfda9a6e9d0456cbe8513b5b301f864c55f887b658c7ee5b177c5a070335e2508a74e3ad1cd59c2
- SSDEEP
  
  3072:NjySjYUVNCkrZRpekfuwaQSNgLztFn3gwq2O+dm58gCp3D9qp9PYBSrDuyboo7E:weLvCkrZR1fuwXSNgP/3gwq2dm58qrC
Score

10^/10

redline sectoprat @deadsonye infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprat@deadsonyeinfostealerrattrojan

behavioral2

redlinesectoprat@deadsonyeinfostealerrattrojan

© 2018-2025

Terms | Privacy