redline | 14d7d6125f2bce6ecb7ecc0f20f47562f4aab1da54bc35e2718b942646e7aecc | Triage

Submit
Reports

Overview

overview

Static

static

3

Magtek-I38...21.exe

windows7-x64

Magtek-I38...21.exe

windows10-2004-x64

1

Resubmissions

07-01-2024 13:17

240107-qjrhxsgbdp 10

Sharing

General

Target

Magtek-I380 MAGNETIC CREDIT CARDS2021.exe
Size

18.3MB
Sample

240107-qjrhxsgbdp
MD5

fbde172b90ea19acabf815e3c433edaa
SHA1

91a4cf027936cc663104b30535f00536cabb72cc
SHA256

14d7d6125f2bce6ecb7ecc0f20f47562f4aab1da54bc35e2718b942646e7aecc
SHA512

bb4390616844ffca2c33cf47494bdbfd83010b30fe612f549c9d49c4b01ecb143f2607038639bfc0ca124068fa09d143964f53f634e09c56a8c64f58ed20b339
SSDEEP

393216:wXxhXM/bH/2hCOeW9paqMbfIHd183HOpj6l8+i8bEoQZ/85ABvyWfhXTR:wBhgbHQCO/w7IHd18XOpj6l8N8b5QZ/R

Score

10^/10

redline sectoprat black infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Magtek-I380 MAGNETIC CREDIT CARDS2021.exe

Resource

win7-20231129-en

redline sectoprat black infostealer rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Magtek-I380 MAGNETIC CREDIT CARDS2021.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

black

C2

213.136.85.189:51682

Targets

- Target
  
  Magtek-I380 MAGNETIC CREDIT CARDS2021.exe
- Size
  
  18.3MB
- MD5
  
  fbde172b90ea19acabf815e3c433edaa
- SHA1
  
  91a4cf027936cc663104b30535f00536cabb72cc
- SHA256
  
  14d7d6125f2bce6ecb7ecc0f20f47562f4aab1da54bc35e2718b942646e7aecc
- SHA512
  
  bb4390616844ffca2c33cf47494bdbfd83010b30fe612f549c9d49c4b01ecb143f2607038639bfc0ca124068fa09d143964f53f634e09c56a8c64f58ed20b339
- SSDEEP
  
  393216:wXxhXM/bH/2hCOeW9paqMbfIHd183HOpj6l8+i8bEoQZ/85ABvyWfhXTR:wBhgbHQCO/w7IHd18XOpj6l8N8b5QZ/R
Score

10^/10

redline sectoprat black infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratblackinfostealerrattrojan

behavioral2

© 2018-2024

Terms | Privacy