redline | dc98ef1726f2241bec4e48a438da3db98ed4d5703dd50d9bf1b18c272ff643eb | Triage

Submit
Reports

Overview

overview

Static

static

slinkyloader.exe

windows10-1703-x64

slinkyloader.exe

windows10-2004-x64

slinkyloader.exe

windows11-21h2-x64

Sharing

General

Target

slinkyloader.exe
Size

18.5MB
Sample

240420-w5df3seg46
MD5

640e7e74b5efd1bcd03a733e21e55a5f
SHA1

028ae95e3b5441f51087fed53262f487729e0696
SHA256

dc98ef1726f2241bec4e48a438da3db98ed4d5703dd50d9bf1b18c272ff643eb
SHA512

d554f5e01389fb0277d0da054fffdce710df8f2d82ca6ccc683150483bef52a972c6991169a34fc3911c3f86911fdcda0c1689669fc3bf7c1c09e68491869225
SSDEEP

393216:LKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:WANWKRrpYrNvou7NK3uU6E29dPL

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

slinkyloader.exe

Resource

win10-20240404-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows10-1703-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

slinkyloader.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows10-2004-x64

12 signatures

300 seconds

Behavioral task

behavioral3

Sample

slinkyloader.exe

Resource

win11-20240412-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows11-21h2-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

john-nil.gl.at.ply.gg:32513

Targets

- Target
  
  slinkyloader.exe
- Size
  
  18.5MB
- MD5
  
  640e7e74b5efd1bcd03a733e21e55a5f
- SHA1
  
  028ae95e3b5441f51087fed53262f487729e0696
- SHA256
  
  dc98ef1726f2241bec4e48a438da3db98ed4d5703dd50d9bf1b18c272ff643eb
- SHA512
  
  d554f5e01389fb0277d0da054fffdce710df8f2d82ca6ccc683150483bef52a972c6991169a34fc3911c3f86911fdcda0c1689669fc3bf7c1c09e68491869225
- SSDEEP
  
  393216:LKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:WANWKRrpYrNvou7NK3uU6E29dPL
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

behavioral3

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy