redline | e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963 | Triage

Submit
Reports

Overview

overview

Static

static

3

e5e068221c...63.exe

windows7-x64

e5e068221c...63.exe

windows10-2004-x64

Sharing

General

Target

e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963
Size

1.1MB
Sample

240707-fg975stgrq
MD5

661b490ece39543114d5dd156b6a96f8
SHA1

36c124a39300b7ff411d963637431c0c7baa4915
SHA256

e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963
SHA512

496ab96263145428849eed54cd2d9402b2ed1e1e983824f357f45cc3e1df6b447f8d8f6a8cbd168b3a67cb850aef27368542cb6343541796c2cecdc53f309f18
SSDEEP

12288:jIlFI5IrYmHzd17Gg0F86zdlDCQjijwzZjlW1wBwPWAY:jKxrYmTryh7DCwij2NlWOBw+AY

Score

10^/10

redline sectoprat halle infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963.exe

Resource

win7-20240705-en

redline sectoprat halle infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963.exe

Resource

win10v2004-20240704-en

redline sectoprat halle infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

halle

C2

194.55.186.180:55123

Targets

- Target
  
  e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963
- Size
  
  1.1MB
- MD5
  
  661b490ece39543114d5dd156b6a96f8
- SHA1
  
  36c124a39300b7ff411d963637431c0c7baa4915
- SHA256
  
  e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963
- SHA512
  
  496ab96263145428849eed54cd2d9402b2ed1e1e983824f357f45cc3e1df6b447f8d8f6a8cbd168b3a67cb850aef27368542cb6343541796c2cecdc53f309f18
- SSDEEP
  
  12288:jIlFI5IrYmHzd17Gg0F86zdlDCQjijwzZjlW1wBwPWAY:jKxrYmTryh7DCwij2NlWOBw+AY
Score

10^/10

redline sectoprat halle infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprathalleinfostealerrattrojan

behavioral2

redlinesectoprathalleinfostealerrattrojan

© 2018-2024

Terms | Privacy