redline | 367158ff6626547d199aa0c12972efe731ab99550fc77bd067496bfcea941f4b | Triage

Submit
Reports

Overview

overview

Static

static

3

292ebbcc25...18.exe

windows7-x64

292ebbcc25...18.exe

windows10-2004-x64

Sharing

General

Target

292ebbcc25be8c7a9743139b938c0fef_JaffaCakes118
Size

439KB
Sample

240706-w431ca1gkh
MD5

292ebbcc25be8c7a9743139b938c0fef
SHA1

b256d83b500cafc45ff754821a8ced7d8061b767
SHA256

367158ff6626547d199aa0c12972efe731ab99550fc77bd067496bfcea941f4b
SHA512

164e32e41f0630d574070d20cc499a0a9d4502ad626d764fee440556fd0d784ce35c33c558da3ad9e3768cb3a372c6f3fd69b8f284ec912a5be38fa077ed6228
SSDEEP

12288:e8klT97igBMJM8Ajhq/dK98KGa4YR1HK53f8hit3hDyYhE:eD7jhm5

Score

10^/10

redline sectoprat new infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

292ebbcc25be8c7a9743139b938c0fef_JaffaCakes118.exe

Resource

win7-20240221-en

redline sectoprat new infostealer rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

292ebbcc25be8c7a9743139b938c0fef_JaffaCakes118.exe

Resource

win10v2004-20240704-en

redline sectoprat new infostealer rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

new

C2

91.245.253.52:38439

Targets

- Target
  
  292ebbcc25be8c7a9743139b938c0fef_JaffaCakes118
- Size
  
  439KB
- MD5
  
  292ebbcc25be8c7a9743139b938c0fef
- SHA1
  
  b256d83b500cafc45ff754821a8ced7d8061b767
- SHA256
  
  367158ff6626547d199aa0c12972efe731ab99550fc77bd067496bfcea941f4b
- SHA512
  
  164e32e41f0630d574070d20cc499a0a9d4502ad626d764fee440556fd0d784ce35c33c558da3ad9e3768cb3a372c6f3fd69b8f284ec912a5be38fa077ed6228
- SSDEEP
  
  12288:e8klT97igBMJM8Ajhq/dK98KGa4YR1HK53f8hit3hDyYhE:eD7jhm5
Score

10^/10

redline sectoprat new infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratnewinfostealerrattrojan

behavioral2

redlinesectopratnewinfostealerrattrojan

© 2018-2024

Terms | Privacy