redline | da63b969039a65aa38a43a0db322d08210f5feff8dea04c86623e5c0190c4cc8 | Triage

Submit
Reports

Overview

overview

Static

static

slinkyloader.exe

windows10-2004-x64

slinkyloader.exe

windows11-21h2-x64

Sharing

General

Target

slinkyloader.exe
Size

18.5MB
Sample

240421-s5q6dseg6s
MD5

ffa4025c4dc66e6bd9c83697e8975e55
SHA1

da4abcef65277ba88aec118c6309fa8529d099c3
SHA256

da63b969039a65aa38a43a0db322d08210f5feff8dea04c86623e5c0190c4cc8
SHA512

9f32758585c6024af6530c9484e5c6cdd925ccb59fe7986415590dddd5d47f8bcf4f503bc66ea4bb911dbd8098c847de5a0185cc30bb57b45bc9e78c9889053a
SSDEEP

393216:HKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:qANWKRrpYrNvou7NK3uU6E29dPL

Score

10^/10

redline sectoprat cheat infostealer rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

slinkyloader.exe

Resource

win10v2004-20240412-en

redline sectoprat cheat infostealer rat trojan

windows10-2004-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

slinkyloader.exe

Resource

win11-20240412-en

redline sectoprat cheat infostealer rat trojan

windows11-21h2-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

month-washer.gl.at.ply.gg:33498

Targets

- Target
  
  slinkyloader.exe
- Size
  
  18.5MB
- MD5
  
  ffa4025c4dc66e6bd9c83697e8975e55
- SHA1
  
  da4abcef65277ba88aec118c6309fa8529d099c3
- SHA256
  
  da63b969039a65aa38a43a0db322d08210f5feff8dea04c86623e5c0190c4cc8
- SHA512
  
  9f32758585c6024af6530c9484e5c6cdd925ccb59fe7986415590dddd5d47f8bcf4f503bc66ea4bb911dbd8098c847de5a0185cc30bb57b45bc9e78c9889053a
- SSDEEP
  
  393216:HKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:qANWKRrpYrNvou7NK3uU6E29dPL
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerrattrojan

behavioral2

redlinesectopratcheatinfostealerrattrojan

© 2018-2024

Terms | Privacy