redline | b83faaa540ef13e08d4538798104d23e5719a0c8603d238e24b5cb05dfaa166d | Triage

Submit
Reports

Overview

overview

Static

static

5ecf0dade2...8e.exe

windows7-x64

5ecf0dade2...8e.exe

windows10-2004-x64

Sharing

General

Target

b83faaa540ef13e08d4538798104d23e5719a0c8603d238e24b5cb05dfaa166d
Size

43KB
Sample

240419-t9wr4sad71
MD5

7c19cb07876ff0237882dd4f6ab96e1f
SHA1

045ccb1c04daecb7a3d8d8bd7c32dea0ec4be330
SHA256

b83faaa540ef13e08d4538798104d23e5719a0c8603d238e24b5cb05dfaa166d
SHA512

2b34c47cebc384879fbbbe8764353aff3e2eb6dc791f8ddf87ffee51971698de90b9f34f042501fed56d3c5d106d840d1ddfd4b41ec3bc18879959f117580ee5
SSDEEP

768:53eiUDGHpSHy0dEZ4mkPFRNXHn4rHkxMs4SrcW3Xg29dqMos0xr5j9T8:53ZpapdEZR2F/XlMdS/3w2W3s0x1h8

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

cheat redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe

Resource

win7-20240221-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

0.tcp.eu.ngrok.io:18950

Targets

- Target
  
  5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe
- Size
  
  95KB
- MD5
  
  7a8ecbc488543dd3ce6cfe5ba9d5cd8b
- SHA1
  
  87031bf7d870ffb4a6bec6e44a38045834017b50
- SHA256
  
  5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e
- SHA512
  
  e6f9080c58f1f10fdcedb23e4efd525ad4a40573c0f69f65d8ec3f6e5de45544bd8b5b96ad6603e1b291eb6697b3ed03cd4265d9249ffe90fcc22ef977f95eef
- SSDEEP
  
  1536:Fqsgaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2/3teulgS6pQl:DfZeYP+zi0ZbYe1g0ujyzdjQ
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

cheatredlinesectoprat

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy