redline | 5516baf4628cfba0938b4be5d5e8216f75e5c8159d1ca3b4f0e086b698ad2bfc | Triage

Submit
Reports

Overview

overview

Static

static

1

f4835426a0...18.exe

windows7-x64

1

f4835426a0...18.exe

windows10-2004-x64

Sharing

General

Target

f4835426a08e33b327ad9a97d707241f_JaffaCakes118
Size

1.3MB
Sample

240416-2wz7daeh37
MD5

f4835426a08e33b327ad9a97d707241f
SHA1

c7a0ebeef1a6db6cffcc50efb3b37ecd9eb8354b
SHA256

5516baf4628cfba0938b4be5d5e8216f75e5c8159d1ca3b4f0e086b698ad2bfc
SHA512

ecb9b61023a29780df112f2dcdb860ec7d0e2a74fa35b48bd7a91223f43c4682b195a37f6a9ccc92e9595e0e96dc0240472e455b8281e0003a1c8669dc611e74
SSDEEP

12288:ODSPS63YOSK3cqH3/oJ8BHkzS4MUDsRZjI7yLnQsLhBN9aTom5Oucgqtqer1pJ3L:om8KXP1qbCLhf9aTXEub6Jd1

Score

10^/10

redline sectoprat ytuploader agilenet infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f4835426a08e33b327ad9a97d707241f_JaffaCakes118.exe

Resource

win7-20240319-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

f4835426a08e33b327ad9a97d707241f_JaffaCakes118.exe

Resource

win10v2004-20240412-en

redline sectoprat ytuploader agilenet infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

YTUploader

C2

46.17.96.37:63108

Targets

- Target
  
  f4835426a08e33b327ad9a97d707241f_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  f4835426a08e33b327ad9a97d707241f
- SHA1
  
  c7a0ebeef1a6db6cffcc50efb3b37ecd9eb8354b
- SHA256
  
  5516baf4628cfba0938b4be5d5e8216f75e5c8159d1ca3b4f0e086b698ad2bfc
- SHA512
  
  ecb9b61023a29780df112f2dcdb860ec7d0e2a74fa35b48bd7a91223f43c4682b195a37f6a9ccc92e9595e0e96dc0240472e455b8281e0003a1c8669dc611e74
- SSDEEP
  
  12288:ODSPS63YOSK3cqH3/oJ8BHkzS4MUDsRZjI7yLnQsLhBN9aTom5Oucgqtqer1pJ3L:om8KXP1qbCLhf9aTXEub6Jd1
Score

10^/10

redline sectoprat ytuploader agilenet infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redlinesectopratytuploaderagilenetinfostealerrattrojan

© 2018-2024

Terms | Privacy