redline

General

Target

Product list.exe
Size

95KB
Sample

240709-ya8d3staqc
MD5

45bf76828c1b68edb48a4e17355112d7
SHA1

282c890f0e45088428e77e9a50e352e3ff08a12e
SHA256

71e6d3cc40ab87f663601e3fb63630c08fc48b1ff287777d4e7bdc738daedbac
SHA512

31e6c168a7b6de2fa32efa8cf2db6a81c182bb7ebb67cb54133c0ae7a50a36d81ea7a7e9fdcd303b199bab6a4be0980ba97422f524b77eb17285d7874d6a73c7
SSDEEP

1536:xqskjlqzWlbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2SteulgS6pk:fYUeYr+zi0ZbYe1g0ujyzdSk

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

cetry

C2

204.14.75.2:16383

Targets

- Target
  
  Product list.exe
- Size
  
  95KB
- MD5
  
  45bf76828c1b68edb48a4e17355112d7
- SHA1
  
  282c890f0e45088428e77e9a50e352e3ff08a12e
- SHA256
  
  71e6d3cc40ab87f663601e3fb63630c08fc48b1ff287777d4e7bdc738daedbac
- SHA512
  
  31e6c168a7b6de2fa32efa8cf2db6a81c182bb7ebb67cb54133c0ae7a50a36d81ea7a7e9fdcd303b199bab6a4be0980ba97422f524b77eb17285d7874d6a73c7
- SSDEEP
  
  1536:xqskjlqzWlbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2SteulgS6pk:fYUeYr+zi0ZbYe1g0ujyzdSk
Score

10^/10

redline sectoprat cetry discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

SectopRAT

SectopRAT payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2