redline | 08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

5012F29780...7A.exe

windows7-x64

5012F29780...7A.exe

windows10-2004-x64

Sharing

General

Target

5012F29780880AD288BF842C576AF67A.exe
Size

832KB
Sample

240301-tnp3faaa49
MD5

5012f29780880ad288bf842c576af67a
SHA1

2b36ea8fe138b32533bce35d8b2e0042e61e055b
SHA256

08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2
SHA512

414fd70c613ce5a5af2ce8dbe965d412b5b4f816ba3c0a96c1964f7906a236310d64bcd53ab44949f4ca72953d36bed4d405db4d2f98fc96875d09858e199ec3
SSDEEP

24576:bxLsMs8WdZ789WO7Xw6Ez4hHkpXqxB2lCyHIN:Jsldm9WOcsSpar2lFIN

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5012F29780880AD288BF842C576AF67A.exe

Resource

win7-20240221-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5012F29780880AD288BF842C576AF67A.exe

Resource

win10v2004-20240226-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.81:55615

Targets

- Target
  
  5012F29780880AD288BF842C576AF67A.exe
- Size
  
  832KB
- MD5
  
  5012f29780880ad288bf842c576af67a
- SHA1
  
  2b36ea8fe138b32533bce35d8b2e0042e61e055b
- SHA256
  
  08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2
- SHA512
  
  414fd70c613ce5a5af2ce8dbe965d412b5b4f816ba3c0a96c1964f7906a236310d64bcd53ab44949f4ca72953d36bed4d405db4d2f98fc96875d09858e199ec3
- SSDEEP
  
  24576:bxLsMs8WdZ789WO7Xw6Ez4hHkpXqxB2lCyHIN:Jsldm9WOcsSpar2lFIN
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy