redline | fad0ca06bacf9f247ac03d9366abd3ac41415e56af0ea16bdff70f6ca77ed41a | Triage

Submit
Reports

Overview

overview

Static

static

fb05824f22...18.exe

windows7-x64

fb05824f22...18.exe

windows10-2004-x64

Sharing

General

Target

fb05824f223c928ba39e91fe17364438_JaffaCakes118
Size

105KB
Sample

240419-yaxmksec5v
MD5

fb05824f223c928ba39e91fe17364438
SHA1

88c1f712f00ab3bb533b2e9e3c778f50e2147204
SHA256

fad0ca06bacf9f247ac03d9366abd3ac41415e56af0ea16bdff70f6ca77ed41a
SHA512

306e562ac8d71a0c93184a389648d07efb33116ca96a2427f5032e873fc593a5dd6fc5df6a3c5bd4e2e32043bbc6872235688e8c6763194f00a55c3206837df8
SSDEEP

1536:eo6aGrKC0K6l3UDKGl9oZP1auBw9gbue7vLuBNyAsdeAetx5REfG6WAaoigAOUr:edxGCwEHfeZ3LubyddyNW1wOUr

Score

10^/10

redline sectoprat second_7.5k infostealer rat trojan

Static task

static1

second_7.5k redline sectoprat

4 signatures

Behavioral task

behavioral1

Sample

fb05824f223c928ba39e91fe17364438_JaffaCakes118.exe

Resource

win7-20231129-en

redline sectoprat second_7.5k infostealer rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb05824f223c928ba39e91fe17364438_JaffaCakes118.exe

Resource

win10v2004-20240412-en

redline sectoprat second_7.5k infostealer rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Second_7.5K

C2

45.14.49.200:27625

Targets

- Target
  
  fb05824f223c928ba39e91fe17364438_JaffaCakes118
- Size
  
  105KB
- MD5
  
  fb05824f223c928ba39e91fe17364438
- SHA1
  
  88c1f712f00ab3bb533b2e9e3c778f50e2147204
- SHA256
  
  fad0ca06bacf9f247ac03d9366abd3ac41415e56af0ea16bdff70f6ca77ed41a
- SHA512
  
  306e562ac8d71a0c93184a389648d07efb33116ca96a2427f5032e873fc593a5dd6fc5df6a3c5bd4e2e32043bbc6872235688e8c6763194f00a55c3206837df8
- SSDEEP
  
  1536:eo6aGrKC0K6l3UDKGl9oZP1auBw9gbue7vLuBNyAsdeAetx5REfG6WAaoigAOUr:edxGCwEHfeZ3LubyddyNW1wOUr
Score

10^/10

redline sectoprat second_7.5k infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

second_7.5kredlinesectoprat

behavioral1

redlinesectopratsecond_7.5kinfostealerrattrojan

behavioral2

redlinesectopratsecond_7.5kinfostealerrattrojan

© 2018-2024

Terms | Privacy