redline | b9bc364bca05ec2d2a55ac9689a75e6c5006137f1381a593135e723982ab964b | Triage

Submit
Reports

Overview

overview

Static

static

3

6f82a90784...1b.exe

windows7-x64

6f82a90784...1b.exe

windows10-2004-x64

Sharing

General

Target

6f82a9078456e351f1e65e0d5ab74b1b
Size

2.3MB
Sample

240122-m6mlpsegep
MD5

6f82a9078456e351f1e65e0d5ab74b1b
SHA1

7092e685d7c8d029a67c6be55545cc7a24bc2ab5
SHA256

b9bc364bca05ec2d2a55ac9689a75e6c5006137f1381a593135e723982ab964b
SHA512

45b5beac3cbdd12838093ca309ab490cc94fe2985df9c96fce0b7393628b89c94dbc566e1c64fe88b55086a2c123ce417dcb21b69caef22c8a08ebc83867c796
SSDEEP

49152:f5+hFr/Hq27Xhsqevtp+LuMwW6AcbDiJL6lhSy5Auxiz8lVHTIioOFZQ+U:f5aFrDROvtphMwBip6fSy5JxiqZ7U

Score

10^/10

redline sectoprat @whizzkid1 infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6f82a9078456e351f1e65e0d5ab74b1b.exe

Resource

win7-20231129-en

redline sectoprat @whizzkid1 infostealer rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f82a9078456e351f1e65e0d5ab74b1b.exe

Resource

win10v2004-20231215-en

redline sectoprat @whizzkid1 infostealer rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@whizzkid1

C2

77.220.214.232:13459

Targets

- Target
  
  6f82a9078456e351f1e65e0d5ab74b1b
- Size
  
  2.3MB
- MD5
  
  6f82a9078456e351f1e65e0d5ab74b1b
- SHA1
  
  7092e685d7c8d029a67c6be55545cc7a24bc2ab5
- SHA256
  
  b9bc364bca05ec2d2a55ac9689a75e6c5006137f1381a593135e723982ab964b
- SHA512
  
  45b5beac3cbdd12838093ca309ab490cc94fe2985df9c96fce0b7393628b89c94dbc566e1c64fe88b55086a2c123ce417dcb21b69caef22c8a08ebc83867c796
- SSDEEP
  
  49152:f5+hFr/Hq27Xhsqevtp+LuMwW6AcbDiJL6lhSy5Auxiz8lVHTIioOFZQ+U:f5aFrDROvtphMwBip6fSy5JxiqZ7U
Score

10^/10

redline sectoprat @whizzkid1 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectoprat@whizzkid1infostealerrattrojan

behavioral2

redlinesectoprat@whizzkid1infostealerrattrojan

© 2018-2024

Terms | Privacy