redline | c53de948fe708fed4f6037f916d90918f66421bb53ecaa69124085e7e06ecf58 | Triage

Submit
Reports

Overview

overview

Static

static

1

b582fac0b1...7c.exe

windows7-x64

b582fac0b1...7c.exe

windows10-2004-x64

Sharing

General

Target

c53de948fe708fed4f6037f916d90918f66421bb53ecaa69124085e7e06ecf58
Size

458KB
Sample

240417-qhr33aae4v
MD5

7856534b86c5f4b19b21959e1bdc5941
SHA1

35d928ad1ead4f4e0fe32807c3757780e4669c4c
SHA256

c53de948fe708fed4f6037f916d90918f66421bb53ecaa69124085e7e06ecf58
SHA512

38ce3fcac79c0d370510d0860ea81b0fdfb0dd2b542e69092c8ace2157974623cf3e338f555a724f8056ddef26f8db7ec8d5ebdcd9edad77223b959aba93fdee
SSDEEP

12288:e4LOfhGvL2vb49LS6dVYIsUChBpOiEpu3bg1QPh:eaAhWhd1dV4ZB6881Q5

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe

Resource

win7-20240221-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.244:55615

Targets

- Target
  
  b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe
- Size
  
  477KB
- MD5
  
  7fb7ac175a0a249e320a5a296f4c2cd6
- SHA1
  
  8bdafce0468d3dc91f1b4000b2f289254ab1c0a4
- SHA256
  
  b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c
- SHA512
  
  456fa03a75c07f6152d332ce652cd076bb35544674f385860e99143c8f5c05bcc6c3de3abccb2fdc900fc22017e14cb7498efa6cdf46a61839d85aad4b3e7395
- SSDEEP
  
  12288:tXDZJb2c3l3MZ10ZVS3nwn3wzvqu5/WORM0a5WUkR:tXDGc3l3K0S30wziWWORMsT
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy