redline | 2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b | Triage

Submit
Reports

Overview

overview

Static

static

1

8a1995805a...87.exe

windows7-x64

8a1995805a...87.exe

windows10-2004-x64

Sharing

General

Target

8a1995805ad65999ec546a1074ac9887
Size

1.6MB
Sample

240202-vylcnsbcd3
MD5

8a1995805ad65999ec546a1074ac9887
SHA1

11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6
SHA256

2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b
SHA512

cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777
SSDEEP

24576:HK+3Ydk145I7qRZPNHNtlGkrmwRGPoN7vdiTbnFMI3YqQl55T:HK+I045xRVNXUIm/PoiMIov

Score

10^/10

redline sectoprat mastif infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

8a1995805ad65999ec546a1074ac9887.exe

Resource

win7-20231215-en

redline sectoprat mastif infostealer rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a1995805ad65999ec546a1074ac9887.exe

Resource

win10v2004-20231215-en

redline sectoprat mastif infostealer rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mastif

C2

91.121.146.23:9519

Targets

- Target
  
  8a1995805ad65999ec546a1074ac9887
- Size
  
  1.6MB
- MD5
  
  8a1995805ad65999ec546a1074ac9887
- SHA1
  
  11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6
- SHA256
  
  2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b
- SHA512
  
  cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777
- SSDEEP
  
  24576:HK+3Ydk145I7qRZPNHNtlGkrmwRGPoN7vdiTbnFMI3YqQl55T:HK+I045xRVNXUIm/PoiMIov
Score

10^/10

redline sectoprat mastif infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratmastifinfostealerrattrojan

behavioral2

redlinesectopratmastifinfostealerrattrojan

© 2018-2024

Terms | Privacy