redline | 7f40bfb86707faf0ec8978614840ab858320d1978bc351546833272b7b70c854 | Triage

Submit
Reports

Overview

overview

Static

static

1

redline.exe

windows7-x64

redline.exe

windows10-2004-x64

Sharing

General

Target

redline.exe
Size

601KB
Sample

240617-lzcx9awanf
MD5

14de93c0296fd8e1225cfd59f2730678
SHA1

a017765841e4248df55ca237181d6ce3ee946965
SHA256

7f40bfb86707faf0ec8978614840ab858320d1978bc351546833272b7b70c854
SHA512

583a7fa2c40c7d3f94a88e29c98ab5d0c0344d3edec5622087ed6fd4af22b8b887f909e69bde07e6fbe2f18cb0c2904a0281df3a90058a480f66b4068037411a
SSDEEP

12288:4ndXtfET7WNu/zpA3F4RfgZN3anuv738RgwpVlG/AEB0kR:qd920lF4RfsBj3ggww/J

Score

10^/10

redline sectoprat cheat execution infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

redline.exe

Resource

win7-20240508-en

redline sectoprat cheat execution infostealer rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

redline.exe

Resource

win10v2004-20240226-en

redline sectoprat cheat execution infostealer rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.77:55615

Targets

- Target
  
  redline.exe
- Size
  
  601KB
- MD5
  
  14de93c0296fd8e1225cfd59f2730678
- SHA1
  
  a017765841e4248df55ca237181d6ce3ee946965
- SHA256
  
  7f40bfb86707faf0ec8978614840ab858320d1978bc351546833272b7b70c854
- SHA512
  
  583a7fa2c40c7d3f94a88e29c98ab5d0c0344d3edec5622087ed6fd4af22b8b887f909e69bde07e6fbe2f18cb0c2904a0281df3a90058a480f66b4068037411a
- SSDEEP
  
  12288:4ndXtfET7WNu/zpA3F4RfgZN3anuv738RgwpVlG/AEB0kR:qd920lF4RfsBj3ggww/J
Score

10^/10

redline sectoprat cheat execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatexecutioninfostealerrattrojan

behavioral2

redlinesectopratcheatexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy