redline | 0d75f0e3784a1de839986484772c66b623d763ca8a38dee480cbfefbb6245219 | Triage

Submit
Reports

Overview

overview

Static

static

1620-2-0x0...ry.exe

windows7-x64

1620-2-0x0...ry.exe

windows10-2004-x64

Sharing

General

Target

1620-2-0x00000000004A0000-0x00000000004C2000-memory.dmp
Size

136KB
Sample

240720-fzpzxs1fqa
MD5

00bda418308d8253ff6356ea6e2fed07
SHA1

fedc847312da30002179c1c8e32f81851dba36cd
SHA256

0d75f0e3784a1de839986484772c66b623d763ca8a38dee480cbfefbb6245219
SHA512

ecf485eaa149e1ca5c413b2357fd9a8b9cab3b5831cdc07b82406a9a4bc72dc3a2e759a0f381ab6dabd7ed2d3baeec8f8ad00d4b556ca314ef8780ae3cf3ff6e
SSDEEP

1536:kG6qTaoigHed/g8pT0NM0MTn3qIzDmYw4o8WDLVi8nJZcI3DvvjbuVGdynvryp/P:B3epgGb3q+DmYwXVi4wIzDynzyJdDrd

Score

10^/10

redline sectoprat infostealer rat trojan

Static task

static1

redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

1620-2-0x00000000004A0000-0x00000000004C2000-memory.exe

Resource

win7-20240708-en

redline sectoprat infostealer rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

1620-2-0x00000000004A0000-0x00000000004C2000-memory.exe

Resource

win10v2004-20240709-en

redline sectoprat infostealer rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Targets

- Target
  
  1620-2-0x00000000004A0000-0x00000000004C2000-memory.dmp
- Size
  
  136KB
- MD5
  
  00bda418308d8253ff6356ea6e2fed07
- SHA1
  
  fedc847312da30002179c1c8e32f81851dba36cd
- SHA256
  
  0d75f0e3784a1de839986484772c66b623d763ca8a38dee480cbfefbb6245219
- SHA512
  
  ecf485eaa149e1ca5c413b2357fd9a8b9cab3b5831cdc07b82406a9a4bc72dc3a2e759a0f381ab6dabd7ed2d3baeec8f8ad00d4b556ca314ef8780ae3cf3ff6e
- SSDEEP
  
  1536:kG6qTaoigHed/g8pT0NM0MTn3qIzDmYw4o8WDLVi8nJZcI3DvvjbuVGdynvryp/P:B3epgGb3q+DmYwXVi4wIzDynzyJdDrd
Score

10^/10

redline sectoprat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

redlinesectoprat

behavioral1

redlinesectopratinfostealerrattrojan

behavioral2

redlinesectopratinfostealerrattrojan

© 2018-2024

Terms | Privacy