redline | 557b3fa206360feb6819be479141409870903732a43861f8e882e3fa5c3f96a5 | Triage

Submit
Reports

Overview

overview

Static

static

3

OeIUQP1l8XbRLqi.exe

windows7-x64

OeIUQP1l8XbRLqi.exe

windows10-2004-x64

Sharing

General

Target

OeIUQP1l8XbRLqi.exe
Size

534KB
Sample

240705-qsdy7a1gqh
MD5

c3fdf39d2d65a017f26078457440e032
SHA1

fc0aa0a24f6aaf76a95ae7c42d248db182da70ae
SHA256

557b3fa206360feb6819be479141409870903732a43861f8e882e3fa5c3f96a5
SHA512

3d6930cb8267ebeb77d6cc44b593d091a649fa0abd3fb694746c7c19b42c80140730a84a8eadefa15df7586c9464a20fda582b37c1f41f237affe8804077e5c8
SSDEEP

12288:z5mZN9d8Nf+wYA9BLhV9uWLiPgdfkxIexYHEaE+og:c96VH1VOPEkuEarf

Score

10^/10

redline sectoprat cheat discovery execution infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OeIUQP1l8XbRLqi.exe

Resource

win7-20240221-en

redline sectoprat cheat discovery execution infostealer rat spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

OeIUQP1l8XbRLqi.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

161.129.65.145:4483

Targets

- Target
  
  OeIUQP1l8XbRLqi.exe
- Size
  
  534KB
- MD5
  
  c3fdf39d2d65a017f26078457440e032
- SHA1
  
  fc0aa0a24f6aaf76a95ae7c42d248db182da70ae
- SHA256
  
  557b3fa206360feb6819be479141409870903732a43861f8e882e3fa5c3f96a5
- SHA512
  
  3d6930cb8267ebeb77d6cc44b593d091a649fa0abd3fb694746c7c19b42c80140730a84a8eadefa15df7586c9464a20fda582b37c1f41f237affe8804077e5c8
- SSDEEP
  
  12288:z5mZN9d8Nf+wYA9BLhV9uWLiPgdfkxIexYHEaE+og:c96VH1VOPEkuEarf
Score

10^/10

redline sectoprat cheat discovery execution infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryexecutioninfostealerratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy