redline | 11931b6d1c0ab24e232e80661fccb89631874a534c082dfa13dd1f2dec9a9e6a | Triage

Submit
Reports

Overview

overview

Static

static

fc614c6188...18.exe

windows7-x64

fc614c6188...18.exe

windows10-2004-x64

Sharing

General

Target

fc614c618830f267c8485e3da2b1a1b1_JaffaCakes118
Size

2.4MB
Sample

240420-kr78rade6s
MD5

fc614c618830f267c8485e3da2b1a1b1
SHA1

21116b21749dbfeefb03d88dfb34572e65452556
SHA256

11931b6d1c0ab24e232e80661fccb89631874a534c082dfa13dd1f2dec9a9e6a
SHA512

6465b830921f1807ee9a8e4d594c161d5419d984a82518053081d459a59e2b37371855a54462ec79eea430896bed73a2dbdf87183870a3f1abbdb503b272f4fd
SSDEEP

6144:jWsiQNWHmQkq4Pffnr+pRboC6wXiMol9Wcx82zTyUUviP:a04Hmb+bB6wXBQ8

Score

10^/10

redline sectoprat infostealer rat trojan vmprotect

Static task

static1

vmprotect sectoprat

4 signatures

Behavioral task

behavioral1

Sample

fc614c618830f267c8485e3da2b1a1b1_JaffaCakes118.exe

Resource

win7-20240220-en

redline sectoprat infostealer rat trojan vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc614c618830f267c8485e3da2b1a1b1_JaffaCakes118.exe

Resource

win10v2004-20240412-en

redline sectoprat infostealer rat trojan vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc614c618830f267c8485e3da2b1a1b1_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  fc614c618830f267c8485e3da2b1a1b1
- SHA1
  
  21116b21749dbfeefb03d88dfb34572e65452556
- SHA256
  
  11931b6d1c0ab24e232e80661fccb89631874a534c082dfa13dd1f2dec9a9e6a
- SHA512
  
  6465b830921f1807ee9a8e4d594c161d5419d984a82518053081d459a59e2b37371855a54462ec79eea430896bed73a2dbdf87183870a3f1abbdb503b272f4fd
- SSDEEP
  
  6144:jWsiQNWHmQkq4Pffnr+pRboC6wXiMol9Wcx82zTyUUviP:a04Hmb+bB6wXBQ8
Score

10^/10

redline sectoprat infostealer rat trojan vmprotect
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

vmprotectsectoprat

behavioral1

redlinesectopratinfostealerrattrojanvmprotect

behavioral2

redlinesectopratinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy