redline | 0ed605c6122fa4b3d84e89dd3dde7e3fca0aef0687935c1201f55d31a594d56b | Triage

Submit
Reports

Overview

overview

Static

static

ef6721cf0b...0N.exe

windows7-x64

ef6721cf0b...0N.exe

windows10-2004-x64

Sharing

General

Target

ef6721cf0bd7437d8bca647ead8f0120N.exe
Size

95KB
Sample

240804-qs46da1ang
MD5

ef6721cf0bd7437d8bca647ead8f0120
SHA1

7a2bd21a58d9a468380a47dfd81505b56cce613b
SHA256

0ed605c6122fa4b3d84e89dd3dde7e3fca0aef0687935c1201f55d31a594d56b
SHA512

70f28c80f7beebe6df040b07dcc782245d71a93102041c971c1cdfaeed2e8556fe3f641201486b7bbfbb30f6c511a678cf499328911a8c8d66ef2be16affb076
SSDEEP

1536:9qs+NqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2oteulgS6pY:rqMOY3+zi0ZbYe1g0ujyzdoY

Score

10^/10

redline sectoprat second credential_access discovery infostealer rat spyware stealer trojan

Static task

static1

second redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

ef6721cf0bd7437d8bca647ead8f0120N.exe

Resource

win7-20240708-en

redline sectoprat second credential_access discovery infostealer rat spyware stealer trojan

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

ef6721cf0bd7437d8bca647ead8f0120N.exe

Resource

win10v2004-20240802-en

redline sectoprat second credential_access discovery infostealer rat spyware stealer trojan

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

Second

C2

51.89.201.41:29254

Targets

- Target
  
  ef6721cf0bd7437d8bca647ead8f0120N.exe
- Size
  
  95KB
- MD5
  
  ef6721cf0bd7437d8bca647ead8f0120
- SHA1
  
  7a2bd21a58d9a468380a47dfd81505b56cce613b
- SHA256
  
  0ed605c6122fa4b3d84e89dd3dde7e3fca0aef0687935c1201f55d31a594d56b
- SHA512
  
  70f28c80f7beebe6df040b07dcc782245d71a93102041c971c1cdfaeed2e8556fe3f641201486b7bbfbb30f6c511a678cf499328911a8c8d66ef2be16affb076
- SSDEEP
  
  1536:9qs+NqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2oteulgS6pY:rqMOY3+zi0ZbYe1g0ujyzdoY
Score

10^/10

redline sectoprat second credential_access discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

secondredlinesectoprat

behavioral1

redlinesectopratsecondcredential_accessdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratsecondcredential_accessdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy