redline | 2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

3

winprofile

windows10-1703-x64

Sharing

General

Target

2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97
Size

294KB
Sample

240801-2hdq8athrh
MD5

58ccb4c9da26dbf5584194406ee2f4b3
SHA1

ae91798532b747f410099ef7d0e36bffeca6361c
SHA256

2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97
SHA512

dff6b4bf25fc5b5cf1a64ee645fb0310b072ec69c89a6e863cf9e0800e1d36f8dc4e567cf19c7dc8ac704d351b604cbf8d35959c3a64a10aa6b54f5c8fedb3c2
SSDEEP

6144:M3VPjut1s07wltS102nj9W0t3KMONuGfpul4EdSCM:gZjut1s0qQj9ztaMMdxop3M

Score

10^/10

redline sectoprat exodusmarket.io discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97.exe

Resource

win7-20240729-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97.exe

Resource

win10-20240404-en

redline sectoprat exodusmarket.io discovery infostealer rat trojan

windows10-1703-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

exodusmarket.io

C2

91.92.240.111:1334

Targets

- Target
  
  2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97
- Size
  
  294KB
- MD5
  
  58ccb4c9da26dbf5584194406ee2f4b3
- SHA1
  
  ae91798532b747f410099ef7d0e36bffeca6361c
- SHA256
  
  2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97
- SHA512
  
  dff6b4bf25fc5b5cf1a64ee645fb0310b072ec69c89a6e863cf9e0800e1d36f8dc4e567cf19c7dc8ac704d351b604cbf8d35959c3a64a10aa6b54f5c8fedb3c2
- SSDEEP
  
  6144:M3VPjut1s07wltS102nj9W0t3KMONuGfpul4EdSCM:gZjut1s0qQj9ztaMMdxop3M
Score

10^/10

discovery redline sectoprat exodusmarket.io infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlinesectopratexodusmarket.iodiscoveryinfostealerrattrojan

© 2018-2024

Terms | Privacy