redline | e9764c7c423c909f1aa4a2ab41ac0c3fbe592a90a1cb1a98028a4fc0320af0b1 | Triage

Submit
Reports

Overview

overview

Static

static

3

bff4de75e0...62.exe

windows7-x64

5

bff4de75e0...62.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

bff4de75e08d2e4d827853bb0f72af62
Size

978KB
Sample

240311-f4z1pacg64
MD5

bff4de75e08d2e4d827853bb0f72af62
SHA1

44e7caebe4cee96fa8f9f754fdc756168a5871fa
SHA256

e9764c7c423c909f1aa4a2ab41ac0c3fbe592a90a1cb1a98028a4fc0320af0b1
SHA512

2819478d75d6635d46d30785f6828619b0da2ada65878a44084095010b7026480a80a72112927b8ae47b72445094bf8e693b0d50dd0b5238beeeff34004958a7
SSDEEP

24576:tr065nEVHc2YRQCWnwO5BqGff8NfMuYETj5mWGYlyy/2zw:trpnRwwAfwMG5mWGYlyM2

Score

10^/10

redline sectoprat @cryptex777 infostealer persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bff4de75e08d2e4d827853bb0f72af62.exe

Resource

win7-20240215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

bff4de75e08d2e4d827853bb0f72af62.exe

Resource

win10v2004-20240226-en

redline sectoprat @cryptex777 infostealer persistence rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Cryptex777

C2

109.248.203.166:29888

Targets

- Target
  
  bff4de75e08d2e4d827853bb0f72af62
- Size
  
  978KB
- MD5
  
  bff4de75e08d2e4d827853bb0f72af62
- SHA1
  
  44e7caebe4cee96fa8f9f754fdc756168a5871fa
- SHA256
  
  e9764c7c423c909f1aa4a2ab41ac0c3fbe592a90a1cb1a98028a4fc0320af0b1
- SHA512
  
  2819478d75d6635d46d30785f6828619b0da2ada65878a44084095010b7026480a80a72112927b8ae47b72445094bf8e693b0d50dd0b5238beeeff34004958a7
- SSDEEP
  
  24576:tr065nEVHc2YRQCWnwO5BqGff8NfMuYETj5mWGYlyy/2zw:trpnRwwAfwMG5mWGYlyM2
Score

10^/10

redline sectoprat @cryptex777 infostealer persistence rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinesectoprat@cryptex777infostealerpersistencerattrojan

© 2018-2025

Terms | Privacy