redline | 8a986d9192e2d88910a3f1546553cfe7b2e78c129581040ef3f95a7109fb041e | Triage

Submit
Reports

Overview

overview

Static

static

3

37d51043f8...18.exe

windows7-x64

37d51043f8...18.exe

windows10-2004-x64

Sharing

General

Target

37d51043f88bc8e95a32c6d56a1345f1_JaffaCakes118
Size

427KB
Sample

240330-j7caksbf5y
MD5

37d51043f88bc8e95a32c6d56a1345f1
SHA1

e8d9a1900e88f51836db8f8852563a20911284fa
SHA256

8a986d9192e2d88910a3f1546553cfe7b2e78c129581040ef3f95a7109fb041e
SHA512

aa4134f7e0ed28ddb899527796d243c2fcfcf6b3db4d5621ec8990a090232254b637e8fe61a9fc09962293f4610f3c3d59641888c7d0b41c0982398b63f0f81c
SSDEEP

12288:QRr0Z+JsMrg5iLlfygQ/cUg8EiTFMa2Wl3AFY:QeCsMU5iLQgOEiT6ZF

Score

10^/10

redline sectoprat paladin infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

37d51043f88bc8e95a32c6d56a1345f1_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat paladin infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

37d51043f88bc8e95a32c6d56a1345f1_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat paladin infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

37.228.129.48:29795

Attributes

auth_value
f27db372188045eefdf974196ead3dae

Targets

- Target
  
  37d51043f88bc8e95a32c6d56a1345f1_JaffaCakes118
- Size
  
  427KB
- MD5
  
  37d51043f88bc8e95a32c6d56a1345f1
- SHA1
  
  e8d9a1900e88f51836db8f8852563a20911284fa
- SHA256
  
  8a986d9192e2d88910a3f1546553cfe7b2e78c129581040ef3f95a7109fb041e
- SHA512
  
  aa4134f7e0ed28ddb899527796d243c2fcfcf6b3db4d5621ec8990a090232254b637e8fe61a9fc09962293f4610f3c3d59641888c7d0b41c0982398b63f0f81c
- SSDEEP
  
  12288:QRr0Z+JsMrg5iLlfygQ/cUg8EiTFMa2Wl3AFY:QeCsMU5iLQgOEiT6ZF
Score

10^/10

redline sectoprat paladin infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratpaladininfostealerrattrojan

behavioral2

redlinesectopratpaladininfostealerrattrojan

© 2018-2024

Terms | Privacy