redline | d89a39d0a639ab1ddb5326ce483c9629597e4a0ff9e86e2f9f5e02736b35c138 | Triage

Submit
Reports

Overview

overview

Static

static

1

b582fac0b1...7c.exe

windows7-x64

b582fac0b1...7c.exe

windows10-2004-x64

Sharing

General

Target

d89a39d0a639ab1ddb5326ce483c9629597e4a0ff9e86e2f9f5e02736b35c138
Size

458KB
Sample

240417-q18tjabg5y
MD5

7d18993427b7a8978b9620fcbe118b81
SHA1

f6c78d3365fc5279b64cc534dd98cab8db9c0810
SHA256

d89a39d0a639ab1ddb5326ce483c9629597e4a0ff9e86e2f9f5e02736b35c138
SHA512

50c2ef484de213fb0ba19320958fcc581897bfd64dd776c08b4388c887912002671af6b668303a8a62f239a599fc830d91f13f6f846a530ad49c30e6cfc89e34
SSDEEP

12288:KBUJNnux9DYXjX7FQOjZNhvKtUnn+/JbDL/Cq:KBUHnux9DORjZDvKmnnqRDL3

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe

Resource

win7-20240215-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.244:55615

Targets

- Target
  
  b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe
- Size
  
  477KB
- MD5
  
  7fb7ac175a0a249e320a5a296f4c2cd6
- SHA1
  
  8bdafce0468d3dc91f1b4000b2f289254ab1c0a4
- SHA256
  
  b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c
- SHA512
  
  456fa03a75c07f6152d332ce652cd076bb35544674f385860e99143c8f5c05bcc6c3de3abccb2fdc900fc22017e14cb7498efa6cdf46a61839d85aad4b3e7395
- SSDEEP
  
  12288:tXDZJb2c3l3MZ10ZVS3nwn3wzvqu5/WORM0a5WUkR:tXDGc3l3K0S30wziWWORMsT
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy