redline | f632f39fb5dc1c4af05bd37682902f6be4ecbde81ff238379d94ade4350d7fdc | Triage

Submit
Reports

Overview

overview

Static

static

7

ddd05c5fdc...18.exe

windows7-x64

ddd05c5fdc...18.exe

windows10-2004-x64

Sharing

General

Target

ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118
Size

5.8MB
Sample

240406-hf269acg6y
MD5

ddd05c5fdc0a8cb19404ad9cd2d460da
SHA1

a292b7ee770bc41d586f0d7b1e68da47916b97a3
SHA256

f632f39fb5dc1c4af05bd37682902f6be4ecbde81ff238379d94ade4350d7fdc
SHA512

c5fc34fbe5e5ba4a3610ebebe2ad23bf20ea3fbd9c334a5a4e0b8de2fa5d659101d08bcc9c6c7352ad18bbe7b0acdd2af87eb18200daae1205c39282d4872f5a
SSDEEP

98304:FdaCnigRI+l1Q8cw9jdGVa1EXvpKd6R5na8+I5iQ+DouBGve6kP9Dg0zso6ydvrH:Fd/JRI+ziw9JGVa1upKdglCquBGvOvsw

Score

10^/10

redline sectoprat installs infostealer rat trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat installs infostealer rat trojan vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat installs infostealer rat trojan vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

installs

C2

138.124.186.66:3552

Targets

- Target
  
  ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118
- Size
  
  5.8MB
- MD5
  
  ddd05c5fdc0a8cb19404ad9cd2d460da
- SHA1
  
  a292b7ee770bc41d586f0d7b1e68da47916b97a3
- SHA256
  
  f632f39fb5dc1c4af05bd37682902f6be4ecbde81ff238379d94ade4350d7fdc
- SHA512
  
  c5fc34fbe5e5ba4a3610ebebe2ad23bf20ea3fbd9c334a5a4e0b8de2fa5d659101d08bcc9c6c7352ad18bbe7b0acdd2af87eb18200daae1205c39282d4872f5a
- SSDEEP
  
  98304:FdaCnigRI+l1Q8cw9jdGVa1EXvpKd6R5na8+I5iQ+DouBGve6kP9Dg0zso6ydvrH:Fd/JRI+ziw9JGVa1upKdglCquBGvOvsw
Score

10^/10

redline sectoprat installs infostealer rat trojan vmprotect
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratinstallsinfostealerrattrojanvmprotect

behavioral2

redlinesectopratinstallsinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy