redline | 0abf020d43ae848495fe586a97df3d1efece4ad9ccbbbe33dba8566db514ec96 | Triage

Submit
Reports

Overview

overview

Static

static

5

b539acc51a...ad.exe

windows7-x64

b539acc51a...ad.exe

windows10-2004-x64

Sharing

General

Target

notorr.zip
Size

552KB
Sample

240708-kmd44s1ekn
MD5

8af5f2d545b6a178a36a278d09c88441
SHA1

60cec2dac90491d067c1495748ee9db83c5a5423
SHA256

0abf020d43ae848495fe586a97df3d1efece4ad9ccbbbe33dba8566db514ec96
SHA512

86fbb1751386ce3eec4ebfb0db5469a152d8cf2cb0be04f17e5ca46697d141f7011cfb9a460e8ef68e7bdf74cd97b7be893bfe8fe4aa91dec593aad055122519
SSDEEP

12288:BphBfG+wahFoNC6p1mRbaXyJL/PU4YDtcRw64ABCiMqN6GBy+O:vWC6p1NSjU7/a5bNlO

Score

10^/10

redline sectoprat french infostealer rat spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b539acc51a48e2088f90ab0a82f60f38a784105712ef57542e8e1552a1c6aaad.exe

Resource

win7-20240705-en

redline sectoprat french infostealer rat spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b539acc51a48e2088f90ab0a82f60f38a784105712ef57542e8e1552a1c6aaad.exe

Resource

win10v2004-20240704-en

redline sectoprat french infostealer rat spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

french

C2

91.92.243.245:47477

Targets

- Target
  
  b539acc51a48e2088f90ab0a82f60f38a784105712ef57542e8e1552a1c6aaad
- Size
  
  1.0MB
- MD5
  
  0a136df16d906821f105096987d43e11
- SHA1
  
  5b4478cabb9e3d2673643235aa1980df5b2ea671
- SHA256
  
  b539acc51a48e2088f90ab0a82f60f38a784105712ef57542e8e1552a1c6aaad
- SHA512
  
  2f6b8014be9e4d2fc858fcf0b66690e3a6bc4dbd25ae7c52bd69c732dafa432b86ea6ffd45304d1fa9b58b8e6ee73ff6021a47b6158d0ea061f47c5590e812de
- SSDEEP
  
  24576:AAHnh+eWsN3skA4RV1Hom2KXMmHa5R3MeYTslWVNB5:3h+ZkldoPK8Ya5R8eYSWVt
Score

10^/10

redline sectoprat french infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratfrenchinfostealerratspywaretrojan

behavioral2

redlinesectopratfrenchinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy