redline | 5907b4b9f7d3ea58ea57928ab93ed29373aa5bf8db6533edd317da7f974514be | Triage

Submit
Reports

Overview

overview

Static

static

1

2203d42abe...18.exe

windows7-x64

2203d42abe...18.exe

windows10-2004-x64

Sharing

General

Target

2203d42abef458b171cc65e0cb06220a_JaffaCakes118
Size

325KB
Sample

240703-mftmbssblk
MD5

2203d42abef458b171cc65e0cb06220a
SHA1

01e335d69c507d6f236ca1e94ebda49b12e37a80
SHA256

5907b4b9f7d3ea58ea57928ab93ed29373aa5bf8db6533edd317da7f974514be
SHA512

8a4a7539adfad73424d68a36d34cb0ce6753443892f699a86348fd403cf003dab7346fde3bf9ae158e7cce39876d1af2d74b599821ccf7a481ea4bd607062656
SSDEEP

6144:Nog6HWHerPZ9NWVHPjBrScBWigGUWWWWWW+d7WTi6x38O/F2+ZbM35qGcBgKvKRu:Nl7+LZ9c7BWigGUWWWWWWk6Ti6x38OAM

Score

10^/10

redline sectoprat 4 infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

2203d42abef458b171cc65e0cb06220a_JaffaCakes118.exe

Resource

win7-20240220-en

redline sectoprat 4 infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2203d42abef458b171cc65e0cb06220a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

redline sectoprat 4 infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

4

C2

80.87.192.249:16640

Attributes

auth_value
3e4c638c72124e45bcf5164456741cce

Targets

- Target
  
  2203d42abef458b171cc65e0cb06220a_JaffaCakes118
- Size
  
  325KB
- MD5
  
  2203d42abef458b171cc65e0cb06220a
- SHA1
  
  01e335d69c507d6f236ca1e94ebda49b12e37a80
- SHA256
  
  5907b4b9f7d3ea58ea57928ab93ed29373aa5bf8db6533edd317da7f974514be
- SHA512
  
  8a4a7539adfad73424d68a36d34cb0ce6753443892f699a86348fd403cf003dab7346fde3bf9ae158e7cce39876d1af2d74b599821ccf7a481ea4bd607062656
- SSDEEP
  
  6144:Nog6HWHerPZ9NWVHPjBrScBWigGUWWWWWW+d7WTi6x38O/F2+ZbM35qGcBgKvKRu:Nl7+LZ9c7BWigGUWWWWWWk6Ti6x38OAM
Score

10^/10

redline sectoprat 4 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprat4infostealerrattrojan

behavioral2

redlinesectoprat4infostealerrattrojan

© 2018-2024

Terms | Privacy