redline | 3326eff842bafe62fb6235a14abe1d8de6570b142396a194760b6a51071d3ecc | Triage

Submit
Reports

Overview

overview

Static

static

3

43be60ff64...18.exe

windows7-x64

43be60ff64...18.exe

windows10-2004-x64

Sharing

General

Target

43be60ff644ccc577ed3e3a9bac01d76_JaffaCakes118
Size

287KB
Sample

241014-xsyf6a1epb
MD5

43be60ff644ccc577ed3e3a9bac01d76
SHA1

46ff6eb93f93c36a260811a864f70aa44a2b3bc4
SHA256

3326eff842bafe62fb6235a14abe1d8de6570b142396a194760b6a51071d3ecc
SHA512

d0a26d0e37f64e0d153117f18577d1b0ea8678816b275e3f5a6fbfb5b3c9425e75d696394991fa56686c5d4497804587d7ba924b23181c644589b25606d41bd9
SSDEEP

6144:nL82FwaVi+yZGnehjh180tb5sdflLecVrRg5jTwa/RxJg:noAvfet/8kb5wlLeGR6Y

Score

10^/10

redline sectoprat sewpalpadin discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

43be60ff644ccc577ed3e3a9bac01d76_JaffaCakes118.exe

Resource

win7-20240708-en

redline sectoprat sewpalpadin discovery infostealer rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

43be60ff644ccc577ed3e3a9bac01d76_JaffaCakes118.exe

Resource

win10v2004-20241007-en

redline sectoprat sewpalpadin discovery infostealer rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Targets

- Target
  
  43be60ff644ccc577ed3e3a9bac01d76_JaffaCakes118
- Size
  
  287KB
- MD5
  
  43be60ff644ccc577ed3e3a9bac01d76
- SHA1
  
  46ff6eb93f93c36a260811a864f70aa44a2b3bc4
- SHA256
  
  3326eff842bafe62fb6235a14abe1d8de6570b142396a194760b6a51071d3ecc
- SHA512
  
  d0a26d0e37f64e0d153117f18577d1b0ea8678816b275e3f5a6fbfb5b3c9425e75d696394991fa56686c5d4497804587d7ba924b23181c644589b25606d41bd9
- SSDEEP
  
  6144:nL82FwaVi+yZGnehjh180tb5sdflLecVrRg5jTwa/RxJg:noAvfet/8kb5wlLeGR6Y
Score

10^/10

redline sectoprat sewpalpadin discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratsewpalpadindiscoveryinfostealerrattrojan

behavioral2

redlinesectopratsewpalpadindiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy