redline | 41f3407655619e79a5dfe30dbec79642df7bf01f03008f4b4a0fb8e46cf836c2 | Triage

Submit
Reports

Overview

overview

Static

static

1

fca0a74dc7...18.exe

windows7-x64

fca0a74dc7...18.exe

windows10-2004-x64

Sharing

General

Target

fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118
Size

481KB
Sample

240420-m9fbssff5y
MD5

fca0a74dc7b6dae2e5a29c2a5ce75ced
SHA1

c974110b2e7b17e631c2291b605004df70364476
SHA256

41f3407655619e79a5dfe30dbec79642df7bf01f03008f4b4a0fb8e46cf836c2
SHA512

def2d3b2a6f2de6518daa59ca1ca4290f4fa7f717235c992862c1e79743be708d8d4cf02675f824484a7c3b7ed7163a7db4b8b7fb4418339c619912a783ab672
SSDEEP

6144:HRbQgWntJThQ6pY/nG6J5wYRSneO3bIEz+j1yicnprN/mVQ/IxUHzXJfnqZJ88:HRcgWf6BGHbxzXjpxuQgKTXFnB8

Score

10^/10

redline sectoprat zgrat @keynejkee infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat zgrat @keynejkee infostealer rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118.exe

Resource

win10v2004-20240412-en

redline sectoprat zgrat @keynejkee infostealer rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@keynejkee

C2

45.132.104.3:18717

Targets

- Target
  
  fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118
- Size
  
  481KB
- MD5
  
  fca0a74dc7b6dae2e5a29c2a5ce75ced
- SHA1
  
  c974110b2e7b17e631c2291b605004df70364476
- SHA256
  
  41f3407655619e79a5dfe30dbec79642df7bf01f03008f4b4a0fb8e46cf836c2
- SHA512
  
  def2d3b2a6f2de6518daa59ca1ca4290f4fa7f717235c992862c1e79743be708d8d4cf02675f824484a7c3b7ed7163a7db4b8b7fb4418339c619912a783ab672
- SSDEEP
  
  6144:HRbQgWntJThQ6pY/nG6J5wYRSneO3bIEz+j1yicnprN/mVQ/IxUHzXJfnqZJ88:HRcgWf6BGHbxzXjpxuQgKTXFnB8
Score

10^/10

redline sectoprat zgrat @keynejkee infostealer rat trojan
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratzgrat@keynejkeeinfostealerrattrojan

behavioral2

redlinesectopratzgrat@keynejkeeinfostealerrattrojan

© 2018-2024

Terms | Privacy