redline | 89cb55fa01eddf14868bbad0ba8aebe85108c15f0cc6d9a116399d38a4eeb9ac | Triage

Submit
Reports

Overview

overview

Static

static

3

af85d1ca0f...18.exe

windows7-x64

af85d1ca0f...18.exe

windows10-2004-x64

Sharing

General

Target

af85d1ca0faa99e74bd004a0cee56166_JaffaCakes118
Size

364KB
Sample

240404-ezb8dsfa28
MD5

af85d1ca0faa99e74bd004a0cee56166
SHA1

566e9c333eac60744d83a3b45edc516067d92418
SHA256

89cb55fa01eddf14868bbad0ba8aebe85108c15f0cc6d9a116399d38a4eeb9ac
SHA512

811c847e83c068c397821c0b57202c7913453bd8a578a600cd91b03b9b0e9cfd2c2c1bd15e3f6a05ca54b586d9bab69ce67316994fa801c7e8478cabd0272c23
SSDEEP

6144:mhoSi0qgtlM7I5T5tzywCGQ6poUGh/qX7tNfVXVHQLIiu8cfo0/pW:mWSixgtlFjtzywHQ6powZGEX8cA0/M

Score

10^/10

redline sectoprat build999 infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

af85d1ca0faa99e74bd004a0cee56166_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat build999 infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

af85d1ca0faa99e74bd004a0cee56166_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat build999 infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

build999

C2

77.232.40.127:8204

Attributes

auth_value
275ce2c87153d4e8e3cc276c686a93de

Targets

- Target
  
  af85d1ca0faa99e74bd004a0cee56166_JaffaCakes118
- Size
  
  364KB
- MD5
  
  af85d1ca0faa99e74bd004a0cee56166
- SHA1
  
  566e9c333eac60744d83a3b45edc516067d92418
- SHA256
  
  89cb55fa01eddf14868bbad0ba8aebe85108c15f0cc6d9a116399d38a4eeb9ac
- SHA512
  
  811c847e83c068c397821c0b57202c7913453bd8a578a600cd91b03b9b0e9cfd2c2c1bd15e3f6a05ca54b586d9bab69ce67316994fa801c7e8478cabd0272c23
- SSDEEP
  
  6144:mhoSi0qgtlM7I5T5tzywCGQ6poUGh/qX7tNfVXVHQLIiu8cfo0/pW:mWSixgtlFjtzywHQ6powZGEX8cA0/M
Score

10^/10

redline sectoprat build999 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratbuild999infostealerrattrojan

behavioral2

redlinesectopratbuild999infostealerrattrojan

© 2018-2024

Terms | Privacy