redline | b6cb2602d54f14ce33ba6db255786bf42dfd3189e5128ed5c9ecd174de33ca2e | Triage

Sharing

General

Target

fab242df347a97973ae998ac65f81872_JaffaCakes118
Size

336KB
Sample

240419-txk5vahh6w
MD5

fab242df347a97973ae998ac65f81872
SHA1

06d5698c7056d6d7a5f09b78caf68b5d16824e9b
SHA256

b6cb2602d54f14ce33ba6db255786bf42dfd3189e5128ed5c9ecd174de33ca2e
SHA512

d680c32deee51c7008df28b3349ee1e3a4d74dd9f87a348126dbb4df82c85936c4feb9d9d2612785c14bb99462c8896df533d3c6295cf8d82107c707fb939b6d
SSDEEP

6144:PhofZoqi4FDJ1H2coVR7jLZl4vfn14Ubjxz2RHNumP/zBJ9nFqOoy:SfZon4BzQjLZl4XIFNumX39nFKy

Score

10^/10

redline sectoprat evasion infostealer persistence rat trojan

Malware Config

Extracted

Family

redline

C2

185.161.209.196:57754

Targets

- Target
  
  Company profile and introduction.exe
- Size
  
  1.3MB
- MD5
  
  a7550a4fe2c9b1f4808892c0f5be4de9
- SHA1
  
  87daa99852fd33b4cf38dd651f19fbb337a4bbf6
- SHA256
  
  72b07629a3c3636e83a2b602fd8e1a48cfaab9e3d8a97daaf4d3a053c69cd3d0
- SHA512
  
  f1a54605c6d9719f5013c9538817e3a300d049f4b212757f864d620877ceb31e41d7d4685b729c18e0ca9f3b9eacf43d6a37e37bc12c11eb1178ab19afcc96bd
- SSDEEP
  
  12288:6qD03+Id3hhQd1UAW4Fbbr1EXzzL9UdP+gB88naZ3Sb:6qD03
Score

10^/10

redline sectoprat evasion infostealer persistence rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlinesectopratevasioninfostealerpersistencerattrojan