redline | 42d833abf34a03935caccf12b8f6c06ff9c1c85d7774cbffbe928325eb35e524 | Triage

Submit
Reports

Overview

overview

Static

static

3

c381309bd9...04.exe

windows7-x64

c381309bd9...04.exe

windows10-2004-x64

Sharing

General

Target

5d86465e46f3f4908c9a46d5d01d4e71.bin
Size

464KB
Sample

240705-b8z42asarg
MD5

c17f62cb93ed77cd36521a9d6a602574
SHA1

a8aef245f4cde1ad7071657021a37d165317bb60
SHA256

42d833abf34a03935caccf12b8f6c06ff9c1c85d7774cbffbe928325eb35e524
SHA512

c0678c6519ee31122eb4010e0d522d1e4f7d8416593d30c9c0e3637e881ea314b677a55e135f96ddcae4b939d87f8ae010d3d54c2318dbe59195b5f700ebd30c
SSDEEP

12288:YvzbhgaQGBwZMg/+n0UP74pgYsQAg1HH4g3yrab/jeMs0bVI4/pxB:YpfsaxagY51PkcxbCupxB

Score

10^/10

redline sectoprat halle evasion execution infostealer rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204.exe

Resource

win7-20240221-en

redline sectoprat halle evasion execution infostealer rat spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204.exe

Resource

win10v2004-20240704-en

redline sectoprat halle evasion execution infostealer rat spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

halle

C2

194.55.186.180:55123

Targets

- Target
  
  c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204.exe
- Size
  
  2.5MB
- MD5
  
  5d86465e46f3f4908c9a46d5d01d4e71
- SHA1
  
  75edb31f75d72a97a69537263bbe80bb67747d4a
- SHA256
  
  c381309bd93b871a4ffecad472cb82fa30387ea32f31ca0fa23ee261aa4ad204
- SHA512
  
  d1f2817cda26c758b82168b2640d9bc16b17d3ad5e2d2724c8d3f54542f4437bb49132cc39d905f3e7b4b1b4800f800158bc1c15644c0b1668bff81c00d751ce
- SSDEEP
  
  12288:WpsNYpx8SP/SicSylpH76uoRUxDK/Hpt9kBJGcK/:8sSpbnSictuuoRUxgtc5K/
Score

10^/10

redline sectoprat halle evasion execution infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectoprathalleevasionexecutioninfostealerratspywaretrojan

behavioral2

redlinesectoprathalleevasionexecutioninfostealerratspywaretrojan

© 2018-2024

Terms | Privacy