redline | ddb322980cc146f3f23f1e1e3eb0fd69d19efc5c08a34a5b0481ffcbf6c7e039 | Triage

Submit
Reports

Overview

overview

Static

static

3

be1e1538aa...18.exe

windows7-x64

be1e1538aa...18.exe

windows10-2004-x64

Resubmissions

04-04-2024 17:36

240404-v6lcmsed28 10

04-04-2024 17:16

240404-vs799aea45 10

Sharing

General

Target

be1e1538aa9f48074ae1075674463f4b_JaffaCakes118
Size

290KB
Sample

240404-v6lcmsed28
MD5

be1e1538aa9f48074ae1075674463f4b
SHA1

a002a4ab47938c2ea8204c3dd00ab1838652e506
SHA256

ddb322980cc146f3f23f1e1e3eb0fd69d19efc5c08a34a5b0481ffcbf6c7e039
SHA512

d38e109912c592c00f4cf454b52c5f571a42701e7b01d4058839bd7e84729d69514aeef9c1b508cb33e77784e77c37ee5f501de2d055b2fcc2ffa3f1c6dab36d
SSDEEP

6144:nh6MxJiA0cNC7YDzpUViNycPI1Os6BuSzjf:h6M330cw760KBI1NWjf

Score

10^/10

redline sectoprat uts infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

be1e1538aa9f48074ae1075674463f4b_JaffaCakes118.exe

Resource

win7-20231129-en

redline sectoprat uts infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

be1e1538aa9f48074ae1075674463f4b_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat uts infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Targets

- Target
  
  be1e1538aa9f48074ae1075674463f4b_JaffaCakes118
- Size
  
  290KB
- MD5
  
  be1e1538aa9f48074ae1075674463f4b
- SHA1
  
  a002a4ab47938c2ea8204c3dd00ab1838652e506
- SHA256
  
  ddb322980cc146f3f23f1e1e3eb0fd69d19efc5c08a34a5b0481ffcbf6c7e039
- SHA512
  
  d38e109912c592c00f4cf454b52c5f571a42701e7b01d4058839bd7e84729d69514aeef9c1b508cb33e77784e77c37ee5f501de2d055b2fcc2ffa3f1c6dab36d
- SSDEEP
  
  6144:nh6MxJiA0cNC7YDzpUViNycPI1Os6BuSzjf:h6M330cw760KBI1NWjf
Score

10^/10

redline sectoprat uts infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratutsinfostealerrattrojan

behavioral2

redlinesectopratutsinfostealerrattrojan

© 2018-2024

Terms | Privacy