redline | 556664b3dbcf66d7d831837a8ef6aed3bbaecb80867cf88ed85ceeff2e28f744 | Triage

Submit
Reports

Overview

overview

Static

static

3

Redeye Net...er.exe

windows7-x64

Redeye Net...er.exe

windows10-2004-x64

Sharing

General

Target

Redeye Netflix Checker.exe
Size

1.0MB
Sample

240805-w7qt7aybje
MD5

c621ad8d7905a5917267648416c59b8e
SHA1

355b81d2c2e8ddffcdadf345a54f71d5ebbb74db
SHA256

556664b3dbcf66d7d831837a8ef6aed3bbaecb80867cf88ed85ceeff2e28f744
SHA512

6eebca3c512a99b5c8955f3fb01aa1f0eeb140e7adafb1dbf912326ce83fc18821609de674666c7c6b0ee30302cf986d1733d8482d6ef34e666b97a3430cd335
SSDEEP

12288:CLlhhMfWpqUqirbod56PbTxItQBDAfdft+eLZjLP1gUrGqzw3+hOKuivRX62elU:02OgLibodkwWSJt/9rjz6+INivwy

Score

10^/10

redline sectoprat ultimatecrackpack discovery execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Redeye Netflix Checker.exe

Resource

win7-20240708-en

redline sectoprat ultimatecrackpack discovery execution infostealer rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Redeye Netflix Checker.exe

Resource

win10v2004-20240802-en

redline sectoprat ultimatecrackpack discovery execution infostealer rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

UltimateCrackPack

C2

51.83.170.23:16128

Targets

- Target
  
  Redeye Netflix Checker.exe
- Size
  
  1.0MB
- MD5
  
  c621ad8d7905a5917267648416c59b8e
- SHA1
  
  355b81d2c2e8ddffcdadf345a54f71d5ebbb74db
- SHA256
  
  556664b3dbcf66d7d831837a8ef6aed3bbaecb80867cf88ed85ceeff2e28f744
- SHA512
  
  6eebca3c512a99b5c8955f3fb01aa1f0eeb140e7adafb1dbf912326ce83fc18821609de674666c7c6b0ee30302cf986d1733d8482d6ef34e666b97a3430cd335
- SSDEEP
  
  12288:CLlhhMfWpqUqirbod56PbTxItQBDAfdft+eLZjLP1gUrGqzw3+hOKuivRX62elU:02OgLibodkwWSJt/9rjz6+INivwy
Score

10^/10

redline sectoprat ultimatecrackpack discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratultimatecrackpackdiscoveryexecutioninfostealerrattrojan

behavioral2

redlinesectopratultimatecrackpackdiscoveryexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy