redline | 7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e | Triage

Submit
Reports

Overview

overview

Static

static

3

7e6579e044...6e.exe

windows7-x64

7e6579e044...6e.exe

windows10-2004-x64

Sharing

General

Target

7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e
Size

483KB
Sample

240308-1ypb8agh37
MD5

0f451f781771cc02b1753e5c8ec47778
SHA1

d2019bbbddb88b8e643cb69c53897b169656f4af
SHA256

7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e
SHA512

2f149a4bfc4fe5a768e0faebd54be8c7f220890c7191f08b9a090fa7532e53c84e7a75b404ca1f4a84af0cf26310d6958a026d5c3cca10b74a9f3098f00decce
SSDEEP

12288:n3IU8S6eUd5539WK3Is/I/v6vyV3L2Ounxp:3ItSAd5C6Ua2N4

Score

10^/10

redline sectoprat zgrat cheat infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e.exe

Resource

win7-20240221-en

redline sectoprat zgrat cheat infostealer rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e.exe

Resource

win10v2004-20240226-en

redline sectoprat zgrat cheat infostealer rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.113:55615

Targets

- Target
  
  7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e
- Size
  
  483KB
- MD5
  
  0f451f781771cc02b1753e5c8ec47778
- SHA1
  
  d2019bbbddb88b8e643cb69c53897b169656f4af
- SHA256
  
  7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e
- SHA512
  
  2f149a4bfc4fe5a768e0faebd54be8c7f220890c7191f08b9a090fa7532e53c84e7a75b404ca1f4a84af0cf26310d6958a026d5c3cca10b74a9f3098f00decce
- SSDEEP
  
  12288:n3IU8S6eUd5539WK3Is/I/v6vyV3L2Ounxp:3ItSAd5C6Ua2N4
Score

10^/10

redline sectoprat zgrat cheat infostealer rat trojan
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratzgratcheatinfostealerrattrojan

behavioral2

redlinesectopratzgratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy