redline | b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec | Triage

Submit
Reports

Overview

overview

Static

static

7

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
Size

629KB
Sample

240624-thdr8atgkj
MD5

901a623dbccaa22525373cd36195ee14
SHA1

9adb6dddb68cd7e116da9392e7ee63a8fa394495
SHA256

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
SHA512

eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d
SSDEEP

12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y

Score

10^/10

redline sectoprat wordfile infostealer rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec.exe

Resource

win10v2004-20240508-en

redline sectoprat wordfile infostealer rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec.exe

Resource

win11-20240508-en

redline sectoprat wordfile infostealer rat trojan upx

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

wordfile

C2

185.38.142.10:7474

Targets

- Target
  
  b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
- Size
  
  629KB
- MD5
  
  901a623dbccaa22525373cd36195ee14
- SHA1
  
  9adb6dddb68cd7e116da9392e7ee63a8fa394495
- SHA256
  
  b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
- SHA512
  
  eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d
- SSDEEP
  
  12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y
Score

10^/10

redline sectoprat wordfile infostealer rat trojan upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratwordfileinfostealerrattrojanupx

behavioral2

redlinesectopratwordfileinfostealerrattrojanupx

© 2018-2024

Terms | Privacy