redline | a8c01f337163dc0e0bccb3a85bd0bdca149a199e2d879771e05037ed00c8e967 | Triage

Submit
Reports

Overview

overview

Static

static

3

43dba0e8a3...18.exe

windows7-x64

43dba0e8a3...18.exe

windows10-2004-x64

Sharing

General

Target

43dba0e8a383863fc63b8a70d87bfba6_JaffaCakes118
Size

804KB
Sample

241014-ycpdzswfmp
MD5

43dba0e8a383863fc63b8a70d87bfba6
SHA1

02d43ae8b5fa933f34ff3e0686a93fa207d41056
SHA256

a8c01f337163dc0e0bccb3a85bd0bdca149a199e2d879771e05037ed00c8e967
SHA512

4ca15be07019051b26c2ea4d9562d90a53ee6ebb6b2ec9b93c4e24a5c2e6c20b884d866d09f17d2eaa6d004874f054e4350c7ea4c2b7331154b554edd780591c
SSDEEP

12288:WiG/HK7zc2w67doBnvGuCVg+4JVkjzCcDRCQx2gLFEU6LyD9SiyyjK:34b656euChyV+CcRj0EFERGd8

Score

10^/10

redline sectoprat anything discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

43dba0e8a383863fc63b8a70d87bfba6_JaffaCakes118.exe

Resource

win7-20240708-en

redline sectoprat anything discovery infostealer rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

43dba0e8a383863fc63b8a70d87bfba6_JaffaCakes118.exe

Resource

win10v2004-20241007-en

redline sectoprat anything discovery infostealer rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

anything

C2

elired957.duckdns.org:15808

Targets

- Target
  
  43dba0e8a383863fc63b8a70d87bfba6_JaffaCakes118
- Size
  
  804KB
- MD5
  
  43dba0e8a383863fc63b8a70d87bfba6
- SHA1
  
  02d43ae8b5fa933f34ff3e0686a93fa207d41056
- SHA256
  
  a8c01f337163dc0e0bccb3a85bd0bdca149a199e2d879771e05037ed00c8e967
- SHA512
  
  4ca15be07019051b26c2ea4d9562d90a53ee6ebb6b2ec9b93c4e24a5c2e6c20b884d866d09f17d2eaa6d004874f054e4350c7ea4c2b7331154b554edd780591c
- SSDEEP
  
  12288:WiG/HK7zc2w67doBnvGuCVg+4JVkjzCcDRCQx2gLFEU6LyD9SiyyjK:34b656euChyV+CcRj0EFERGd8
Score

10^/10

redline sectoprat anything discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratanythingdiscoveryinfostealerrattrojan

behavioral2

redlinesectopratanythingdiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy