redline | 289bceeeff61db69d94891ce1436291f42c3548bcef78120ba770a21c81a9bf2 | Triage

Submit
Reports

Overview

overview

Static

static

3

7b62c52483...0N.exe

windows7-x64

7b62c52483...0N.exe

windows10-2004-x64

Sharing

General

Target

7b62c5248337ebed283f82a912016f10N.exe
Size

524KB
Sample

240803-k5s1zstdnc
MD5

7b62c5248337ebed283f82a912016f10
SHA1

4d4e2a283cb5c7a1620e84d55f07451c1b2d39bc
SHA256

289bceeeff61db69d94891ce1436291f42c3548bcef78120ba770a21c81a9bf2
SHA512

72721ee2d70cde744a565a10c3472222a6aee5c6e0573ef9f475cd5f019ede0a4fbb127f132e12e1c0e5ca104ee3e3414a1c1139579a4d94a243a7f8b8440931
SSDEEP

12288:FK0QpjndCRVwqbwQkt7rllWxJzxv5rsi2IZl:FKTjdCvw7HkC

Score

10^/10

redline sectoprat newlogs discovery execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7b62c5248337ebed283f82a912016f10N.exe

Resource

win7-20240708-en

redline sectoprat newlogs discovery execution infostealer rat trojan

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

7b62c5248337ebed283f82a912016f10N.exe

Resource

win10v2004-20240802-en

redline sectoprat newlogs discovery execution infostealer rat trojan

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

Newlogs

C2

204.14.75.2:16383

Targets

- Target
  
  7b62c5248337ebed283f82a912016f10N.exe
- Size
  
  524KB
- MD5
  
  7b62c5248337ebed283f82a912016f10
- SHA1
  
  4d4e2a283cb5c7a1620e84d55f07451c1b2d39bc
- SHA256
  
  289bceeeff61db69d94891ce1436291f42c3548bcef78120ba770a21c81a9bf2
- SHA512
  
  72721ee2d70cde744a565a10c3472222a6aee5c6e0573ef9f475cd5f019ede0a4fbb127f132e12e1c0e5ca104ee3e3414a1c1139579a4d94a243a7f8b8440931
- SSDEEP
  
  12288:FK0QpjndCRVwqbwQkt7rllWxJzxv5rsi2IZl:FKTjdCvw7HkC
Score

10^/10

redline sectoprat newlogs discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratnewlogsdiscoveryexecutioninfostealerrattrojan

behavioral2

redlinesectopratnewlogsdiscoveryexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy