redline | 37cdcbf1a254917646199a07442c5d67c4cca28ced381c0d79b14224e8fdca5f | Triage

Submit
Reports

Overview

overview

Static

static

Slinky.exe

windows10-1703-x64

Slinky.exe

windows10-2004-x64

Slinky.exe

windows11-21h2-x64

Sharing

General

Target

Slinky.exe
Size

18.5MB
Sample

240420-xcb8zsfe3v
MD5

7c1e228c63aef5d1775c065a5597cccf
SHA1

9d5768654e927ba34a1a2e4a8a850a9dc6350e0d
SHA256

37cdcbf1a254917646199a07442c5d67c4cca28ced381c0d79b14224e8fdca5f
SHA512

a6f902dacc333ab12e8b4d1d395d007cd7100253aa2ab2b49bc3749f42064f99215e370a301b0e07f34c681fb1a9ebe0a45f4cc00119fbaa5f6309560f325db0
SSDEEP

393216:TKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:eANWKRrpYrNvou7NK3uU6E29dPL

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Slinky.exe

Resource

win10-20240404-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows10-1703-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

Slinky.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows10-2004-x64

12 signatures

300 seconds

Behavioral task

behavioral3

Sample

Slinky.exe

Resource

win11-20240412-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows11-21h2-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

147.185.221.19:32513

Targets

- Target
  
  Slinky.exe
- Size
  
  18.5MB
- MD5
  
  7c1e228c63aef5d1775c065a5597cccf
- SHA1
  
  9d5768654e927ba34a1a2e4a8a850a9dc6350e0d
- SHA256
  
  37cdcbf1a254917646199a07442c5d67c4cca28ced381c0d79b14224e8fdca5f
- SHA512
  
  a6f902dacc333ab12e8b4d1d395d007cd7100253aa2ab2b49bc3749f42064f99215e370a301b0e07f34c681fb1a9ebe0a45f4cc00119fbaa5f6309560f325db0
- SSDEEP
  
  393216:TKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:eANWKRrpYrNvou7NK3uU6E29dPL
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

behavioral3

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy