redline | 172b6209ca78d8006297f41fded71268689f8b9be88513673af4420c12176c75 | Triage

Submit
Reports

Overview

overview

Static

static

1

d60df4a3ea...39.exe

windows7-x64

d60df4a3ea...39.exe

windows10-2004-x64

Sharing

General

Target

d60df4a3ea6bce524650ba94f6339e39
Size

1.3MB
Sample

240319-n5vrcscc7y
MD5

d60df4a3ea6bce524650ba94f6339e39
SHA1

4805dc2d49d362028d48af9142f1abbe313e78c6
SHA256

172b6209ca78d8006297f41fded71268689f8b9be88513673af4420c12176c75
SHA512

8991e4b8b7b7602c8a8c2ea69bcb537d8d9c176ff79d151a7337334366dd9c637fc057f541298e92194f5a3a346423dfb7eca0a3e0b941b3bde59232ab5dce67
SSDEEP

6144:BLlHHQKiZmkr2w1gwf4BuQLljN7geGR/6UkxChx4ZfAb7nC0WEG05iTemWT:BLlnQbx11f4ljGbFhkxChx4S95dmWT

Score

10^/10

redline sectoprat boss8 infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

d60df4a3ea6bce524650ba94f6339e39.exe

Resource

win7-20240220-en

redline sectoprat boss8 infostealer rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d60df4a3ea6bce524650ba94f6339e39.exe

Resource

win10v2004-20240226-en

redline sectoprat boss8 infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

boss8

C2

109.248.201.150:63757

Targets

- Target
  
  d60df4a3ea6bce524650ba94f6339e39
- Size
  
  1.3MB
- MD5
  
  d60df4a3ea6bce524650ba94f6339e39
- SHA1
  
  4805dc2d49d362028d48af9142f1abbe313e78c6
- SHA256
  
  172b6209ca78d8006297f41fded71268689f8b9be88513673af4420c12176c75
- SHA512
  
  8991e4b8b7b7602c8a8c2ea69bcb537d8d9c176ff79d151a7337334366dd9c637fc057f541298e92194f5a3a346423dfb7eca0a3e0b941b3bde59232ab5dce67
- SSDEEP
  
  6144:BLlHHQKiZmkr2w1gwf4BuQLljN7geGR/6UkxChx4ZfAb7nC0WEG05iTemWT:BLlnQbx11f4ljGbFhkxChx4S95dmWT
Score

10^/10

redline sectoprat boss8 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratboss8infostealerrattrojan

behavioral2

redlinesectopratboss8infostealerrattrojan

© 2018-2024

Terms | Privacy