redline | b8e902d0a3a533b5a9f495f58c69692ae79917fbf9fa7829a9c52d4012e7a060 | Triage

Submit
Reports

Overview

overview

Static

static

3

e2d959b367...18.exe

windows7-x64

e2d959b367...18.exe

windows10-2004-x64

Sharing

General

Target

e2d959b36754b37727ef0c54b11ef3cf_JaffaCakes118
Size

606KB
Sample

240406-sxx9qsdc6w
MD5

e2d959b36754b37727ef0c54b11ef3cf
SHA1

fffc93eec7deeda7d17ab729f89d4c5e01d781cf
SHA256

b8e902d0a3a533b5a9f495f58c69692ae79917fbf9fa7829a9c52d4012e7a060
SHA512

9a1b180bdba8fa4d0e4c8e9e3417653278d531811ac4cfe89ad988690e006bbb531824d4c1b5c94b07b1f7f98fa47d6b8a5c64a1be2818084e60e25c2b45c807
SSDEEP

12288:Wk0ryoZx5eA1GoeW6kZ5mW/tpy1UV5bO/Zj+t:LqB13eW

Score

10^/10

redline sectoprat nanani infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e2d959b36754b37727ef0c54b11ef3cf_JaffaCakes118.exe

Resource

win7-20240319-en

redline sectoprat nanani infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e2d959b36754b37727ef0c54b11ef3cf_JaffaCakes118.exe

Resource

win10v2004-20240226-en

redline sectoprat nanani infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

NANani

C2

87.251.71.14:89

Targets

- Target
  
  e2d959b36754b37727ef0c54b11ef3cf_JaffaCakes118
- Size
  
  606KB
- MD5
  
  e2d959b36754b37727ef0c54b11ef3cf
- SHA1
  
  fffc93eec7deeda7d17ab729f89d4c5e01d781cf
- SHA256
  
  b8e902d0a3a533b5a9f495f58c69692ae79917fbf9fa7829a9c52d4012e7a060
- SHA512
  
  9a1b180bdba8fa4d0e4c8e9e3417653278d531811ac4cfe89ad988690e006bbb531824d4c1b5c94b07b1f7f98fa47d6b8a5c64a1be2818084e60e25c2b45c807
- SSDEEP
  
  12288:Wk0ryoZx5eA1GoeW6kZ5mW/tpy1UV5bO/Zj+t:LqB13eW
Score

10^/10

redline sectoprat nanani infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratnananiinfostealerrattrojan

behavioral2

redlinesectopratnananiinfostealerrattrojan

© 2018-2024

Terms | Privacy