redline | df79ead3404abbe61bf19023a7bd429149ab8da9e487d9726ca14d18ce3730dc | Triage

Submit
Reports

Overview

overview

Static

static

1

f9bb58b3f2...18.exe

windows7-x64

f9bb58b3f2...18.exe

windows10-2004-x64

Sharing

General

Target

f9bb58b3f2ba2c08c54ce5b5be527a11_JaffaCakes118
Size

397KB
Sample

240419-hhtb5acb5s
MD5

f9bb58b3f2ba2c08c54ce5b5be527a11
SHA1

68397aec23aacd76c91699c4029724903349ac1f
SHA256

df79ead3404abbe61bf19023a7bd429149ab8da9e487d9726ca14d18ce3730dc
SHA512

62bb4ac29d0966452ca6ff52f1647392e9bfc1aeed80326ac48a45e70f9ca766f43fe2c86d5e960590f004ebcc9df1eac8b2b2b68837e41910abac82b11544f0
SSDEEP

12288:qM4ESMnqoagsEvUcgSaA1mP3XD5vLMA5ApN03OEO7CaokURFmPg:ir

Score

10^/10

redline sectoprat 29_7_6lk infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f9bb58b3f2ba2c08c54ce5b5be527a11_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat 29_7_6lk infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9bb58b3f2ba2c08c54ce5b5be527a11_JaffaCakes118.exe

Resource

win10v2004-20240412-en

redline sectoprat 29_7_6lk infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

29_7_6lk

C2

zertypelil.xyz:80

Targets

- Target
  
  f9bb58b3f2ba2c08c54ce5b5be527a11_JaffaCakes118
- Size
  
  397KB
- MD5
  
  f9bb58b3f2ba2c08c54ce5b5be527a11
- SHA1
  
  68397aec23aacd76c91699c4029724903349ac1f
- SHA256
  
  df79ead3404abbe61bf19023a7bd429149ab8da9e487d9726ca14d18ce3730dc
- SHA512
  
  62bb4ac29d0966452ca6ff52f1647392e9bfc1aeed80326ac48a45e70f9ca766f43fe2c86d5e960590f004ebcc9df1eac8b2b2b68837e41910abac82b11544f0
- SSDEEP
  
  12288:qM4ESMnqoagsEvUcgSaA1mP3XD5vLMA5ApN03OEO7CaokURFmPg:ir
Score

10^/10

redline sectoprat 29_7_6lk infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprat29_7_6lkinfostealerrattrojan

behavioral2

redlinesectoprat29_7_6lkinfostealerrattrojan

© 2018-2024

Terms | Privacy