redline | 41304c1c586ec32aa4419c81090527cb7f811919174ffddac0f5a0a384cefb9a | Triage

Submit
Reports

Overview

overview

Static

static

3

b6ff08d9ba...7b.exe

windows7-x64

b6ff08d9ba...7b.exe

windows10-2004-x64

Sharing

General

Target

b6ff08d9ba3719f53ce0b1faac6e857b
Size

378KB
Sample

240306-kk7nmsfb8v
MD5

b6ff08d9ba3719f53ce0b1faac6e857b
SHA1

01d7cd7e3131cf1c983aac7399e61235031d43c4
SHA256

41304c1c586ec32aa4419c81090527cb7f811919174ffddac0f5a0a384cefb9a
SHA512

cce5b6bb59cfd511eed18095b4e5febed22999a75aa97be923edba379226f682fdc4b78286c86c4d7ae76dfd4e5e087a45de8003c5f44642785f160be4016d1e
SSDEEP

6144:6ylYjxhUfR1GdkJEYPJqtjnsC093bVgOwoM8G4nb:nchsR1GdkJE2JqxnsC093bVgOwoW4nb

Score

10^/10

redline sectoprat focus1 infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b6ff08d9ba3719f53ce0b1faac6e857b.exe

Resource

win7-20240221-en

redline sectoprat focus1 infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b6ff08d9ba3719f53ce0b1faac6e857b.exe

Resource

win10v2004-20240226-en

redline sectoprat focus1 infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Focus1

C2

135.148.139.222:33569

Targets

- Target
  
  b6ff08d9ba3719f53ce0b1faac6e857b
- Size
  
  378KB
- MD5
  
  b6ff08d9ba3719f53ce0b1faac6e857b
- SHA1
  
  01d7cd7e3131cf1c983aac7399e61235031d43c4
- SHA256
  
  41304c1c586ec32aa4419c81090527cb7f811919174ffddac0f5a0a384cefb9a
- SHA512
  
  cce5b6bb59cfd511eed18095b4e5febed22999a75aa97be923edba379226f682fdc4b78286c86c4d7ae76dfd4e5e087a45de8003c5f44642785f160be4016d1e
- SSDEEP
  
  6144:6ylYjxhUfR1GdkJEYPJqtjnsC093bVgOwoM8G4nb:nchsR1GdkJE2JqxnsC093bVgOwoW4nb
Score

10^/10

redline sectoprat focus1 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratfocus1infostealerrattrojan

behavioral2

redlinesectopratfocus1infostealerrattrojan

© 2018-2024

Terms | Privacy