redline | 593566ca2036d2fa286d4aff7de6c1af4e567eec34a6a639ca13a853fd6e6a04 | Triage

Submit
Reports

Overview

overview

Static

static

3

684f4d1410...a4.exe

windows7-x64

1

684f4d1410...a4.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

684f4d1410efe089ca47249ce97823a4
Size

5.9MB
Sample

240119-wwjxhabccl
MD5

684f4d1410efe089ca47249ce97823a4
SHA1

6870ef41125697d616fe66059dd2a61ede679c66
SHA256

593566ca2036d2fa286d4aff7de6c1af4e567eec34a6a639ca13a853fd6e6a04
SHA512

20453d00b30865817bfabc93da6cf0cb884a4d129c651353a8d6f6ca0a4a1c90f781c3219d322649fc13de1120d60e70f3a3443442073bc542d67fb683f2388b
SSDEEP

98304:1Ng9vPvvvVvT6TtvvkvvvPvvvnvvvPvvvwgQInp9cSN+jbYi5PqaaVnCLQNM7u0C:1Ng9vPvvvVvT6TtvvkvvvPvvvnvvvPv5

Score

10^/10

redline sectoprat @heavendes agilenet infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

684f4d1410efe089ca47249ce97823a4.exe

Resource

win7-20231215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

684f4d1410efe089ca47249ce97823a4.exe

Resource

win10v2004-20231215-en

redline sectoprat @heavendes agilenet infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@heavendes

C2

188.130.139.12:38127

Targets

- Target
  
  684f4d1410efe089ca47249ce97823a4
- Size
  
  5.9MB
- MD5
  
  684f4d1410efe089ca47249ce97823a4
- SHA1
  
  6870ef41125697d616fe66059dd2a61ede679c66
- SHA256
  
  593566ca2036d2fa286d4aff7de6c1af4e567eec34a6a639ca13a853fd6e6a04
- SHA512
  
  20453d00b30865817bfabc93da6cf0cb884a4d129c651353a8d6f6ca0a4a1c90f781c3219d322649fc13de1120d60e70f3a3443442073bc542d67fb683f2388b
- SSDEEP
  
  98304:1Ng9vPvvvVvT6TtvvkvvvPvvvnvvvPvvvwgQInp9cSN+jbYi5PqaaVnCLQNM7u0C:1Ng9vPvvvVvT6TtvvkvvvPvvvnvvvPv5
Score

10^/10

redline sectoprat @heavendes agilenet infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redlinesectoprat@heavendesagilenetinfostealerrattrojan

© 2018-2025

Terms | Privacy