redline | 59eeafa1a036a240d2e5ef549ddd90c5cb484f27dfa94a5f1af91a7e13f380b1 | Triage

Submit
Reports

Overview

overview

Static

static

1

Update.bat

windows10-1703-x64

Update.bat

windows10-2004-x64

Update.bat

windows11-21h2-x64

Sharing

General

Target

Update.bat
Size

90KB
Sample

240519-te6c3aed4w
MD5

3ad42ff8b873ba057e56908c4a9a2830
SHA1

aa377371f4aa319ac8367809229397e8cbe984f9
SHA256

59eeafa1a036a240d2e5ef549ddd90c5cb484f27dfa94a5f1af91a7e13f380b1
SHA512

e8c96bd11670e299f7ffff4bd1bdb5e56ea65051739fb6ade5269a307742a391af4ad1a9fe19828cb8a5422f317cfc1da31788a7e9478725dbb75b5b4ba867c1
SSDEEP

1536:ZSXLurkFJ+8TTbUGxintEI0l5a82Nx7GokVsIwX8ao8vpCoB9r6b38H1xlWlazf:ZSXLuInDintF0ba82NZbX9ManBCipZ

Score

10^/10

redline sectoprat hone_-_installer execution infostealer rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Update.bat

Resource

win10-20240404-en

redline sectoprat hone_-_installer execution infostealer rat spyware trojan

windows10-1703-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Update.bat

Resource

win10v2004-20240508-en

redline sectoprat hone_-_installer execution infostealer rat spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

Update.bat

Resource

win11-20240419-en

redline sectoprat hone_-_installer execution infostealer rat spyware trojan

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Hone_-_Installer

C2

above-collect.gl.at.ply.gg:58881

Targets

- Target
  
  Update.bat
- Size
  
  90KB
- MD5
  
  3ad42ff8b873ba057e56908c4a9a2830
- SHA1
  
  aa377371f4aa319ac8367809229397e8cbe984f9
- SHA256
  
  59eeafa1a036a240d2e5ef549ddd90c5cb484f27dfa94a5f1af91a7e13f380b1
- SHA512
  
  e8c96bd11670e299f7ffff4bd1bdb5e56ea65051739fb6ade5269a307742a391af4ad1a9fe19828cb8a5422f317cfc1da31788a7e9478725dbb75b5b4ba867c1
- SSDEEP
  
  1536:ZSXLurkFJ+8TTbUGxintEI0l5a82Nx7GokVsIwX8ao8vpCoB9r6b38H1xlWlazf:ZSXLuInDintF0ba82NZbX9ManBCipZ
Score

10^/10

redline sectoprat hone_-_installer execution infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectoprathone_-_installerexecutioninfostealerratspywaretrojan

behavioral2

redlinesectoprathone_-_installerexecutioninfostealerratspywaretrojan

behavioral3

redlinesectoprathone_-_installerexecutioninfostealerratspywaretrojan

© 2018-2024

Terms | Privacy