redline | 7cdb5caa02641106bcff05aac76786d387a168624e34e47b3a39ec5d054fcfe0 | Triage

Submit
Reports

Overview

overview

Static

static

3

420b5e0a40...bf.exe

windows7-x64

1

420b5e0a40...bf.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

420b5e0a40b576da5f8c7898777b19bf
Size

988KB
Sample

240104-1636cacfbq
MD5

420b5e0a40b576da5f8c7898777b19bf
SHA1

bb5ff994557b15a41bef1ecf1c0a1f61197e8599
SHA256

7cdb5caa02641106bcff05aac76786d387a168624e34e47b3a39ec5d054fcfe0
SHA512

aef932da27b6a3d920ad381c4add299c047a7e5f0c4d27204e475b03a8eecef64a3265827a5b4acaf2df7e5e7386b4bd69ef933a0c090922cbefd93fd617ea1d
SSDEEP

12288:xmhgSTvlmI8jJ0dYCng1djBQIU5NIT1AJYfRDRCT3BqIgJ:xmhgSTNC90dYZ1djBQc1dCLBqIgJ

Score

10^/10

redline sectoprat local host: pc agilenet infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

420b5e0a40b576da5f8c7898777b19bf.exe

Resource

win7-20231215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

420b5e0a40b576da5f8c7898777b19bf.exe

Resource

win10v2004-20231222-en

redline sectoprat local host: pc agilenet infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Local Host: PC

C2

167.71.212.95:62151

Targets

- Target
  
  420b5e0a40b576da5f8c7898777b19bf
- Size
  
  988KB
- MD5
  
  420b5e0a40b576da5f8c7898777b19bf
- SHA1
  
  bb5ff994557b15a41bef1ecf1c0a1f61197e8599
- SHA256
  
  7cdb5caa02641106bcff05aac76786d387a168624e34e47b3a39ec5d054fcfe0
- SHA512
  
  aef932da27b6a3d920ad381c4add299c047a7e5f0c4d27204e475b03a8eecef64a3265827a5b4acaf2df7e5e7386b4bd69ef933a0c090922cbefd93fd617ea1d
- SSDEEP
  
  12288:xmhgSTvlmI8jJ0dYCng1djBQIU5NIT1AJYfRDRCT3BqIgJ:xmhgSTNC90dYZ1djBQc1dCLBqIgJ
Score

10^/10

redline sectoprat local host: pc agilenet infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redlinesectopratlocal host: pcagilenetinfostealerrattrojan

© 2018-2025

Terms | Privacy