redline | 13905f844c59906aaf353a12fc820dfeb56f5f1d781ca5b20e24bb20d1542ab5 | Triage

Submit
Reports

Overview

overview

Static

static

3

7D2707C4A1...4B.exe

windows7-x64

7D2707C4A1...4B.exe

windows10-2004-x64

Sharing

General

Target

7D2707C4A1D779E025917F865C103E4B.exe
Size

776KB
Sample

240717-de1vkswbjg
MD5

7d2707c4a1d779e025917f865c103e4b
SHA1

62c0d32e2662d32951b4aa172a2be8be7f3b0fbb
SHA256

13905f844c59906aaf353a12fc820dfeb56f5f1d781ca5b20e24bb20d1542ab5
SHA512

c9ae482eba6b3eef6d1a96838862fa79a96b99297effa99255647f45e73045e9a2bbeb287a13486ac49d647947a0a7fad0f43aa59fe65174a328b227e08dbb6f
SSDEEP

24576:LYYSZ54auRRAfJhXwlsnGSKxyBp9eGqqxO5X:2GyjUP9X

Score

10^/10

redline sectoprat cheat execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7D2707C4A1D779E025917F865C103E4B.exe

Resource

win7-20240704-en

redline sectoprat cheat execution infostealer rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7D2707C4A1D779E025917F865C103E4B.exe

Resource

win10v2004-20240709-en

redline sectoprat cheat execution infostealer rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.57.153:55615

Targets

- Target
  
  7D2707C4A1D779E025917F865C103E4B.exe
- Size
  
  776KB
- MD5
  
  7d2707c4a1d779e025917f865c103e4b
- SHA1
  
  62c0d32e2662d32951b4aa172a2be8be7f3b0fbb
- SHA256
  
  13905f844c59906aaf353a12fc820dfeb56f5f1d781ca5b20e24bb20d1542ab5
- SHA512
  
  c9ae482eba6b3eef6d1a96838862fa79a96b99297effa99255647f45e73045e9a2bbeb287a13486ac49d647947a0a7fad0f43aa59fe65174a328b227e08dbb6f
- SSDEEP
  
  24576:LYYSZ54auRRAfJhXwlsnGSKxyBp9eGqqxO5X:2GyjUP9X
Score

10^/10

redline sectoprat cheat execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatexecutioninfostealerrattrojan

behavioral2

redlinesectopratcheatexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy