redline | 4bcbff5df4ab37bc39613971d298c2b9448fd120195645e21f81766fa7e00e33 | Triage

Submit
Reports

Overview

overview

Static

static

3

cbf26eb04d...35.exe

windows7-x64

cbf26eb04d...35.exe

windows10-2004-x64

Sharing

General

Target

4bcbff5df4ab37bc39613971d298c2b9448fd120195645e21f81766fa7e00e33
Size

747KB
Sample

240515-nnfk4sfe43
MD5

fa4130db99967bb6d9b5f1ffbf1e9be7
SHA1

f3415db5e08057b55efbb588e56cc87610cdbc0d
SHA256

4bcbff5df4ab37bc39613971d298c2b9448fd120195645e21f81766fa7e00e33
SHA512

1056b468fa753ea74831ad21cc82138a6a4bf2afaaeefe9ef9c41550d17ecfa8ecbcb5e8c255a261bb53beea1e7b806e8b919e5e2e993c4156a65da2f6339bf0
SSDEEP

12288:CjKhRdrcurLfbjnBJ+Du0DWYoja1AMRpuZnp2Qh2HkSl692Ro5KfHtty/qL2mfXC:H4cjpwkYwcp8pHQHkS02RfPxv/C

Score

10^/10

redline sectoprat cheat execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cbf26eb04d7e44410aff2c8768f380ff4c2c83bd98d338d53dbe0d8ec6aeb635.exe

Resource

win7-20240221-en

redline sectoprat cheat execution infostealer rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

cbf26eb04d7e44410aff2c8768f380ff4c2c83bd98d338d53dbe0d8ec6aeb635.exe

Resource

win10v2004-20240508-en

redline sectoprat cheat execution infostealer rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.137.22.143:55615

Targets

- Target
  
  cbf26eb04d7e44410aff2c8768f380ff4c2c83bd98d338d53dbe0d8ec6aeb635.exe
- Size
  
  910KB
- MD5
  
  393e9ff21a92891703cf37da4af305f3
- SHA1
  
  4f2f1dd986988ba60d31f95b2cd0a4a9c5a700b7
- SHA256
  
  cbf26eb04d7e44410aff2c8768f380ff4c2c83bd98d338d53dbe0d8ec6aeb635
- SHA512
  
  089c37b3405894ed38e73dda352ce95e86f56b72f0454ab60835be87d79473009af121625758d5e8733963575afc50425cf1a1739bd3058aa165290566133c0e
- SSDEEP
  
  24576:hBqNnb4XlUfMDsZGcZYJHTmMAvRVXI7tHIRRu:hYnbuyEDsZ7ZYNCMAvRWtHEI
Score

10^/10

redline sectoprat cheat execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatexecutioninfostealerrattrojan

behavioral2

redlinesectopratcheatexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy