redline | d8a00ca2f91cf8e1e5fd6f428136e9723d98306a00b96f1ea835ee542f15b1a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

9ad7306bec...18.exe

windows7-x64

9ad7306bec...18.exe

windows10-2004-x64

Sharing

General

Target

9ad7306bec37b580404de691f67e410a_JaffaCakes118
Size

393KB
Sample

240403-afzgcshg7t
MD5

9ad7306bec37b580404de691f67e410a
SHA1

945ceccf02fd671bdb284cd74d27ade41e250336
SHA256

d8a00ca2f91cf8e1e5fd6f428136e9723d98306a00b96f1ea835ee542f15b1a9
SHA512

358c7f04ddce202f32a13529cc26f7d80cc07fbbdd32c254c812a972f31adf7cf2e7a4d5d20d7f4b55e47de960f1faef70004d97dde04dfe07322b04f27a22a5
SSDEEP

12288:ShPmDR6l0rPIZC9YZFuhLxA3fwZGEX8cA0/M:SEDR6l0zIwMuzA34sEv

Score

10^/10

redline sectoprat paladin infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ad7306bec37b580404de691f67e410a_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat paladin infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ad7306bec37b580404de691f67e410a_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat paladin infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

188.68.201.6:10085

Attributes

auth_value
f27db372188045eefdf974196ead3dae

Targets

- Target
  
  9ad7306bec37b580404de691f67e410a_JaffaCakes118
- Size
  
  393KB
- MD5
  
  9ad7306bec37b580404de691f67e410a
- SHA1
  
  945ceccf02fd671bdb284cd74d27ade41e250336
- SHA256
  
  d8a00ca2f91cf8e1e5fd6f428136e9723d98306a00b96f1ea835ee542f15b1a9
- SHA512
  
  358c7f04ddce202f32a13529cc26f7d80cc07fbbdd32c254c812a972f31adf7cf2e7a4d5d20d7f4b55e47de960f1faef70004d97dde04dfe07322b04f27a22a5
- SSDEEP
  
  12288:ShPmDR6l0rPIZC9YZFuhLxA3fwZGEX8cA0/M:SEDR6l0zIwMuzA34sEv
Score

10^/10

redline sectoprat paladin infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratpaladininfostealerrattrojan

behavioral2

redlinesectopratpaladininfostealerrattrojan

© 2018-2024

Terms | Privacy