redline | a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9 | Triage

Submit
Reports

Overview

overview

Static

static

3

a977a5b1cd...9N.exe

windows7-x64

a977a5b1cd...9N.exe

windows10-2004-x64

Sharing

General

Target

a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9N
Size

732KB
Sample

241021-rlahvsxamh
MD5

9b5c455bc6d2985d41cab7bc6a36cc80
SHA1

187b73f9d3d3e7af3b40978043543ed682f466e6
SHA256

a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9
SHA512

51ac5ec377bd41ea829f5f764f9dfb50620590fcea7e41fb2db2a68b4d4e154380a6e2b479ad427251bea1c37319299cd5765d4d93072cb9651bf44bd497865d
SSDEEP

12288:U08rd/YUPOEBPSE3fahRxFkElhiYigISJ1MLh/9/i3MNi0f:SPPx3fahbFkEriYvISfM3i3Qic

Score

10^/10

redline sectoprat success-logs discovery execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9N.exe

Resource

win7-20241010-en

redline sectoprat success-logs discovery execution infostealer rat trojan

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9N.exe

Resource

win10v2004-20241007-en

redline sectoprat success-logs discovery execution infostealer rat trojan

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

success-logs

C2

147.182.130.25:16383

Targets

- Target
  
  a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9N
- Size
  
  732KB
- MD5
  
  9b5c455bc6d2985d41cab7bc6a36cc80
- SHA1
  
  187b73f9d3d3e7af3b40978043543ed682f466e6
- SHA256
  
  a977a5b1cda46d79bdd0f4c24ec6433e89bbe1ee800d48c4f3c23ecb38593bb9
- SHA512
  
  51ac5ec377bd41ea829f5f764f9dfb50620590fcea7e41fb2db2a68b4d4e154380a6e2b479ad427251bea1c37319299cd5765d4d93072cb9651bf44bd497865d
- SSDEEP
  
  12288:U08rd/YUPOEBPSE3fahRxFkElhiYigISJ1MLh/9/i3MNi0f:SPPx3fahbFkEriYvISfM3i3Qic
Score

10^/10

redline sectoprat success-logs discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratsuccess-logsdiscoveryexecutioninfostealerrattrojan

behavioral2

redlinesectopratsuccess-logsdiscoveryexecutioninfostealerrattrojan

© 2018-2025

Terms | Privacy