redline | aeb176b163abebf2091d26f1ded5b3278643b0aa41b8d877f2e9b05045ad9eaa | Triage

Submit
Reports

Overview

overview

Static

static

3

08f5c3a955...e2.exe

windows7-x64

08f5c3a955...e2.exe

windows10-2004-x64

Sharing

General

Target

aeb176b163abebf2091d26f1ded5b3278643b0aa41b8d877f2e9b05045ad9eaa
Size

727KB
Sample

240417-rjgjdsbc95
MD5

5b18fc7e1214ddcb0fcb357ace95fafe
SHA1

7fb4f58f096b41cdcf9b2235cf22519b918c5fc9
SHA256

aeb176b163abebf2091d26f1ded5b3278643b0aa41b8d877f2e9b05045ad9eaa
SHA512

e3781fb30dfefe1933820ebb5e5ad42e56608953d9947192c3dfefef01064a00eaf9ff5d1d04474443e03aabce2dc3f27b4b679bb5834c790381d54a69f6ec62
SSDEEP

12288:R08SSSEDcXuHafEINKBG5nHyjA9GT0ZPr//vKnpPsv+fAOIPoEzwkBt:RhSSSJXu6fEwQ0nEav6pPe+f1Q0Yt

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2.exe

Resource

win7-20231129-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.81:55615

Targets

- Target
  
  08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2.exe
- Size
  
  832KB
- MD5
  
  5012f29780880ad288bf842c576af67a
- SHA1
  
  2b36ea8fe138b32533bce35d8b2e0042e61e055b
- SHA256
  
  08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2
- SHA512
  
  414fd70c613ce5a5af2ce8dbe965d412b5b4f816ba3c0a96c1964f7906a236310d64bcd53ab44949f4ca72953d36bed4d405db4d2f98fc96875d09858e199ec3
- SSDEEP
  
  24576:bxLsMs8WdZ789WO7Xw6Ez4hHkpXqxB2lCyHIN:Jsldm9WOcsSpar2lFIN
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy