redline | fbfc3b16c84c52caf89196f4340d5725cfd1b95b31603b4b9c9119ed73a0d2dd | Triage

Submit
Reports

Overview

overview

Static

static

1

cd3b868bc3...e5.exe

windows7-x64

cd3b868bc3...e5.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

cd3b868bc32923f0594cd595c9914be5
Size

338KB
Sample

240316-f69ynsch9y
MD5

cd3b868bc32923f0594cd595c9914be5
SHA1

78999abb16a82feae55918e7b1a4c1fd4333bae2
SHA256

fbfc3b16c84c52caf89196f4340d5725cfd1b95b31603b4b9c9119ed73a0d2dd
SHA512

64eebab73d0ec4fbca54829bc1d24adce9df79480919e78ad649bc7909cd7a8ed584e5bedf00c13d58c3c7564e4c7092208745792772762d94e88ba6404ee5d2
SSDEEP

6144:IeZn/oGcW4pp30+JVdYDoQRGaB4giSR7U3EwWx9bOHkrka:IeFQGcWUkWSPBDiWtyEIa

Score

10^/10

redline sectoprat zgrat @chmoeblan1 infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

cd3b868bc32923f0594cd595c9914be5.exe

Resource

win7-20240221-en

redline sectoprat zgrat @chmoeblan1 infostealer rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd3b868bc32923f0594cd595c9914be5.exe

Resource

win10v2004-20240226-en

redline sectoprat zgrat @chmoeblan1 infostealer rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@chmoeblan1

C2

45.132.104.3:52352

Targets

- Target
  
  cd3b868bc32923f0594cd595c9914be5
- Size
  
  338KB
- MD5
  
  cd3b868bc32923f0594cd595c9914be5
- SHA1
  
  78999abb16a82feae55918e7b1a4c1fd4333bae2
- SHA256
  
  fbfc3b16c84c52caf89196f4340d5725cfd1b95b31603b4b9c9119ed73a0d2dd
- SHA512
  
  64eebab73d0ec4fbca54829bc1d24adce9df79480919e78ad649bc7909cd7a8ed584e5bedf00c13d58c3c7564e4c7092208745792772762d94e88ba6404ee5d2
- SSDEEP
  
  6144:IeZn/oGcW4pp30+JVdYDoQRGaB4giSR7U3EwWx9bOHkrka:IeFQGcWUkWSPBDiWtyEIa
Score

10^/10

redline sectoprat zgrat @chmoeblan1 infostealer rat trojan
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratzgrat@chmoeblan1infostealerrattrojan

behavioral2

redlinesectopratzgrat@chmoeblan1infostealerrattrojan

© 2018-2025

Terms | Privacy