redline | b8473f3353f532ea9867c60d794f39ad0f3438aa1aefd2fb2bfa35f8472263ca | Triage

Submit
Reports

Overview

overview

Static

static

3

081105bb99...18.exe

windows7-x64

081105bb99...18.exe

windows10-2004-x64

Sharing

General

Target

081105bb991adce12b34aa07cb346f3f_JaffaCakes118
Size

310KB
Sample

240328-rw92gahf24
MD5

081105bb991adce12b34aa07cb346f3f
SHA1

ddc840c6bb3f4c0885300881b4e96758ce0239ef
SHA256

b8473f3353f532ea9867c60d794f39ad0f3438aa1aefd2fb2bfa35f8472263ca
SHA512

96cb42dfb04818d0209b52b0cb593c5a4cff843832f2ac5295ec86f303dcb2c94285f79eb7d3d7301fd333908be29b9a7c01eded724f665fdf5be461f72f0dc9
SSDEEP

6144:00W8qw2qB/hqg6gvX4MlvEuIqm/riU42MJVx98aC3dR+:tvqzqlhv7EuI9z4H8ndR+

Score

10^/10

redline sectoprat usamoney infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

081105bb991adce12b34aa07cb346f3f_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat usamoney infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

081105bb991adce12b34aa07cb346f3f_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat usamoney infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

usamoney

C2

45.142.215.47:27643

Attributes

auth_value
9491a1c5e11eb6097e68a4fa8627fda8

Targets

- Target
  
  081105bb991adce12b34aa07cb346f3f_JaffaCakes118
- Size
  
  310KB
- MD5
  
  081105bb991adce12b34aa07cb346f3f
- SHA1
  
  ddc840c6bb3f4c0885300881b4e96758ce0239ef
- SHA256
  
  b8473f3353f532ea9867c60d794f39ad0f3438aa1aefd2fb2bfa35f8472263ca
- SHA512
  
  96cb42dfb04818d0209b52b0cb593c5a4cff843832f2ac5295ec86f303dcb2c94285f79eb7d3d7301fd333908be29b9a7c01eded724f665fdf5be461f72f0dc9
- SSDEEP
  
  6144:00W8qw2qB/hqg6gvX4MlvEuIqm/riU42MJVx98aC3dR+:tvqzqlhv7EuI9z4H8ndR+
Score

10^/10

redline sectoprat usamoney infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratusamoneyinfostealerrattrojan

behavioral2

redlinesectopratusamoneyinfostealerrattrojan

© 2018-2024

Terms | Privacy