redline | 1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5 | Triage

Submit
Reports

Overview

overview

Static

static

5

Contract Q...pl.exe

windows7-x64

Contract Q...pl.exe

windows10-2004-x64

Sharing

General

Target

Contract Quotation Details - Rotational Suppl.exe
Size

1.0MB
Sample

240712-bz81kswamf
MD5

715d0979fbadb19889e7963f7c33f501
SHA1

3ad746befebb85f942868a1f5338cb4e36f355e1
SHA256

1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5
SHA512

639a322cf569f6d8aeb03c4ddfc8db30f81cc13ab0f3ec1fa19f644c88393adfac24964392c61b0ec213499fd5603b9d51af240aba447226b4357ff8c4571d8a
SSDEEP

24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa7cGNS5Z5:Wh+ZkldoPK8Ya7crx

Score

10^/10

redline sectoprat french infostealer rat spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Contract Quotation Details - Rotational Suppl.exe

Resource

win7-20240705-en

redline sectoprat french infostealer rat spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Contract Quotation Details - Rotational Suppl.exe

Resource

win10v2004-20240709-en

redline sectoprat french infostealer rat spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

french

C2

91.92.243.245:47477

Targets

- Target
  
  Contract Quotation Details - Rotational Suppl.exe
- Size
  
  1.0MB
- MD5
  
  715d0979fbadb19889e7963f7c33f501
- SHA1
  
  3ad746befebb85f942868a1f5338cb4e36f355e1
- SHA256
  
  1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5
- SHA512
  
  639a322cf569f6d8aeb03c4ddfc8db30f81cc13ab0f3ec1fa19f644c88393adfac24964392c61b0ec213499fd5603b9d51af240aba447226b4357ff8c4571d8a
- SSDEEP
  
  24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa7cGNS5Z5:Wh+ZkldoPK8Ya7crx
Score

10^/10

redline sectoprat french infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratfrenchinfostealerratspywaretrojan

behavioral2

redlinesectopratfrenchinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy