redline | 658c50b49af49975e3a4bc1fa44337bb72dcf86b49dee68b2fa6e6dd353309b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

50b2236969...18.exe

windows7-x64

50b2236969...18.exe

windows10-2004-x64

Sharing

General

Target

50b223696961a46e3f435c226b12f899_JaffaCakes118
Size

1.1MB
Sample

240331-jdhv9sgf52
MD5

50b223696961a46e3f435c226b12f899
SHA1

f7e909e182969bdb44c3ed8c2c091967c54c7957
SHA256

658c50b49af49975e3a4bc1fa44337bb72dcf86b49dee68b2fa6e6dd353309b5
SHA512

b19377b68de8d62f5bc85bc523e22b98665a163a3553ba1acafdf068957a123877118698628034c0062c1370ea012c2bbf30175f06ada2e3d5181ad6233d8c36
SSDEEP

24576:2oimILHE5B5qhuefzVHQYZVPL5n1Svs2vr+uFm3rJKDR:2bLMB4ZrlZ/TZGvyAmbJK

Score

10^/10

redline sectoprat sapphire infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

50b223696961a46e3f435c226b12f899_JaffaCakes118.exe

Resource

win7-20240215-en

redline sectoprat sapphire infostealer rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

50b223696961a46e3f435c226b12f899_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat sapphire infostealer rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sapphire

C2

185.230.143.237:2548

Targets

- Target
  
  50b223696961a46e3f435c226b12f899_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  50b223696961a46e3f435c226b12f899
- SHA1
  
  f7e909e182969bdb44c3ed8c2c091967c54c7957
- SHA256
  
  658c50b49af49975e3a4bc1fa44337bb72dcf86b49dee68b2fa6e6dd353309b5
- SHA512
  
  b19377b68de8d62f5bc85bc523e22b98665a163a3553ba1acafdf068957a123877118698628034c0062c1370ea012c2bbf30175f06ada2e3d5181ad6233d8c36
- SSDEEP
  
  24576:2oimILHE5B5qhuefzVHQYZVPL5n1Svs2vr+uFm3rJKDR:2bLMB4ZrlZ/TZGvyAmbJK
Score

10^/10

redline sectoprat sapphire infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratsapphireinfostealerrattrojan

behavioral2

redlinesectopratsapphireinfostealerrattrojan

© 2018-2024

Terms | Privacy