redline | c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION#02009.exe

windows7-x64

QUOTATION#02009.exe

windows10-2004-x64

1

Sharing

General

Target

QUOTATION#02009.exe
Size

2.5MB
Sample

240703-st63gawbje
MD5

5d86465e46f3f4908c9a46d5d01d4e71
SHA1

75edb31f75d72a97a69537263bbe80bb67747d4a
SHA256

c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204
SHA512

d1f2817cda26c758b82168b2640d9bc16b17d3ad5e2d2724c8d3f54542f4437bb49132cc39d905f3e7b4b1b4800f800158bc1c15644c0b1668bff81c00d751ce
SSDEEP

12288:WpsNYpx8SP/SicSylpH76uoRUxDK/Hpt9kBJGcK/:8sSpbnSictuuoRUxgtc5K/

Score

10^/10

redline sectoprat halle evasion execution infostealer rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION#02009.exe

Resource

win7-20240611-en

redline sectoprat halle evasion execution infostealer rat spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION#02009.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

halle

C2

194.55.186.180:55123

Targets

- Target
  
  QUOTATION#02009.exe
- Size
  
  2.5MB
- MD5
  
  5d86465e46f3f4908c9a46d5d01d4e71
- SHA1
  
  75edb31f75d72a97a69537263bbe80bb67747d4a
- SHA256
  
  c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204
- SHA512
  
  d1f2817cda26c758b82168b2640d9bc16b17d3ad5e2d2724c8d3f54542f4437bb49132cc39d905f3e7b4b1b4800f800158bc1c15644c0b1668bff81c00d751ce
- SSDEEP
  
  12288:WpsNYpx8SP/SicSylpH76uoRUxDK/Hpt9kBJGcK/:8sSpbnSictuuoRUxgtc5K/
Score

10^/10

redline sectoprat halle evasion execution infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- UAC bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectoprathalleevasionexecutioninfostealerratspywaretrojan

behavioral2

© 2018-2024

Terms | Privacy