redline | bf89362748b9e66c11aaa49ddf83b1665fe038d04225b36de4f26cffc11a0f3d | Triage

Submit
Reports

Overview

overview

Static

static

1

2d1b096a33...61.rtf

windows7-x64

2d1b096a33...61.rtf

windows10-2004-x64

1

Sharing

General

Target

2d1b096a33d1b673fd06db9f3e861761.rtf
Size

604KB
Sample

240624-tvtdfavdjn
MD5

2d1b096a33d1b673fd06db9f3e861761
SHA1

3c0a1d1bd1b54381df8769ecc173e8635fea366e
SHA256

bf89362748b9e66c11aaa49ddf83b1665fe038d04225b36de4f26cffc11a0f3d
SHA512

32156517472c8c4a6998e58bb90e0a684516a11c403d87524a8561f647901cdb9413dd71b55df4de52c88e5e522e06ee9565fc6dc653ec8f49ba5c58a3d5034e
SSDEEP

6144:IwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAqtUn:+u

Score

10^/10

redline sectoprat wordfile infostealer rat spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2d1b096a33d1b673fd06db9f3e861761.rtf

Resource

win7-20240611-en

redline sectoprat wordfile infostealer rat spyware trojan upx

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d1b096a33d1b673fd06db9f3e861761.rtf

Resource

win10v2004-20240611-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

wordfile

C2

185.38.142.10:7474

Targets

- Target
  
  2d1b096a33d1b673fd06db9f3e861761.rtf
- Size
  
  604KB
- MD5
  
  2d1b096a33d1b673fd06db9f3e861761
- SHA1
  
  3c0a1d1bd1b54381df8769ecc173e8635fea366e
- SHA256
  
  bf89362748b9e66c11aaa49ddf83b1665fe038d04225b36de4f26cffc11a0f3d
- SHA512
  
  32156517472c8c4a6998e58bb90e0a684516a11c403d87524a8561f647901cdb9413dd71b55df4de52c88e5e522e06ee9565fc6dc653ec8f49ba5c58a3d5034e
- SSDEEP
  
  6144:IwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAqtUn:+u
Score

10^/10

redline sectoprat wordfile infostealer rat spyware trojan upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratwordfileinfostealerratspywaretrojanupx

behavioral2

© 2018-2024

Terms | Privacy