redline | 3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

3bd982f82a...f4.exe

windows10-1703-x64

3bd982f82a...f4.exe

windows10-2004-x64

3bd982f82a...f4.exe

windows11-21h2-x64

Resubmissions

29-05-2024 19:19

240529-x1mdvsff69 10

29-05-2024 15:30

240529-sxgxrabc59 10

Sharing

General

Target

3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe
Size

523KB
Sample

240529-x1mdvsff69
MD5

e336cd749eb4e599192906f8d61d0bb2
SHA1

6d431812efb3c52e0bdd44d2602bca486eacc451
SHA256

3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4
SHA512

8e18ce1501dbf77ca2af6cf6d7c0813501b2e94c61e859878370e872c93b79d7019430391b4916296e7f62079d2408a37ff0cdab0260d67b437eb88310d1fb84
SSDEEP

12288:5cO61A772/5RMH4Gj63oiwKeWq6GXiS+qdYYn86v:U+XQRMYGSFFq6G53nv

Score

10^/10

redline sectoprat xxl infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe

Resource

win10-20240404-en

redline sectoprat xxl infostealer rat trojan

windows10-1703-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe

Resource

win10v2004-20240508-en

redline sectoprat xxl infostealer rat trojan

windows10-2004-x64

12 signatures

120 seconds

Behavioral task

behavioral3

Sample

3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe

Resource

win11-20240426-en

redline sectoprat xxl infostealer rat trojan

windows11-21h2-x64

8 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

xxl

C2

2.56.59.101:17559

Targets

- Target
  
  3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe
- Size
  
  523KB
- MD5
  
  e336cd749eb4e599192906f8d61d0bb2
- SHA1
  
  6d431812efb3c52e0bdd44d2602bca486eacc451
- SHA256
  
  3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4
- SHA512
  
  8e18ce1501dbf77ca2af6cf6d7c0813501b2e94c61e859878370e872c93b79d7019430391b4916296e7f62079d2408a37ff0cdab0260d67b437eb88310d1fb84
- SSDEEP
  
  12288:5cO61A772/5RMH4Gj63oiwKeWq6GXiS+qdYYn86v:U+XQRMYGSFFq6G53nv
Score

10^/10

redline sectoprat xxl infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratxxlinfostealerrattrojan

behavioral2

redlinesectopratxxlinfostealerrattrojan

behavioral3

redlinesectopratxxlinfostealerrattrojan

© 2018-2024

Terms | Privacy