redline | c4645840f0dde746aa0c49ae17ff29da423fa6e409a8ecb1eeaaddf6f7c6ebe0 | Triage

Submit
Reports

Overview

overview

Static

static

5ecf0dade2...8e.exe

windows7-x64

5ecf0dade2...8e.exe

windows10-2004-x64

Sharing

General

Target

c4645840f0dde746aa0c49ae17ff29da423fa6e409a8ecb1eeaaddf6f7c6ebe0
Size

43KB
Sample

240419-v8sjqsbg2v
MD5

fa5af34f56151ce341ac8782429e7501
SHA1

6acc42b1a8d5ddc150ad44bf952ed55fd837c72f
SHA256

c4645840f0dde746aa0c49ae17ff29da423fa6e409a8ecb1eeaaddf6f7c6ebe0
SHA512

0fec00331bea2cd40a332900a76b46c2fa37fbb459bf2912eea96c6bb60d0dd926ad496e722b41762ab06423c18958a947d97db005293faf6ae3a6a897ed93e6
SSDEEP

768:KW0XabBAC8oohQcUdfB6dYfKxD+1K9wgS37bydetOBPmYWuS+iivI:KW0aN8VUdfMaf29wxbydKOdmCSjqI

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

cheat redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe

Resource

win7-20240221-en

redline sectoprat cheat infostealer rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

0.tcp.eu.ngrok.io:18950

Targets

- Target
  
  5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe
- Size
  
  95KB
- MD5
  
  7a8ecbc488543dd3ce6cfe5ba9d5cd8b
- SHA1
  
  87031bf7d870ffb4a6bec6e44a38045834017b50
- SHA256
  
  5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e
- SHA512
  
  e6f9080c58f1f10fdcedb23e4efd525ad4a40573c0f69f65d8ec3f6e5de45544bd8b5b96ad6603e1b291eb6697b3ed03cd4265d9249ffe90fcc22ef977f95eef
- SSDEEP
  
  1536:Fqsgaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2/3teulgS6pQl:DfZeYP+zi0ZbYe1g0ujyzdjQ
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

cheatredlinesectoprat

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy