redline | df3694b85648ab86774f29af8995d84b6c3caa9e6bbac21239a63e07e5ca55fc | Triage

Submit
Reports

Overview

overview

Static

static

3

6830bb04b5...18.exe

windows7-x64

6830bb04b5...18.exe

windows10-2004-x64

Sharing

General

Target

6830bb04b52643e9b39839740304d021_JaffaCakes118
Size

432KB
Sample

241022-bd7wdsxdqf
MD5

6830bb04b52643e9b39839740304d021
SHA1

582216be776afddd9eeb2e868fb54f45c9826f99
SHA256

df3694b85648ab86774f29af8995d84b6c3caa9e6bbac21239a63e07e5ca55fc
SHA512

30ba0a784759b9829604a46ef533bee64f06995fa66806a2b1de092e1b2d2cd35104fdbe08668ad02250940fc80a1e088b43e2609b8ea6cd014370fd07e7c5c4
SSDEEP

12288:ziG4NhsSmPGW6iUSZsCeyQ1s5Gji1LZieVlHFz:iN6SmPGW1zZPenusclH

Score

10^/10

redline sectoprat @koshachuy discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6830bb04b52643e9b39839740304d021_JaffaCakes118.exe

Resource

win7-20240903-en

redline sectoprat @koshachuy discovery infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6830bb04b52643e9b39839740304d021_JaffaCakes118.exe

Resource

win10v2004-20241007-en

redline sectoprat @koshachuy discovery infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@koshachuy

C2

138.124.186.42:14462

Targets

- Target
  
  6830bb04b52643e9b39839740304d021_JaffaCakes118
- Size
  
  432KB
- MD5
  
  6830bb04b52643e9b39839740304d021
- SHA1
  
  582216be776afddd9eeb2e868fb54f45c9826f99
- SHA256
  
  df3694b85648ab86774f29af8995d84b6c3caa9e6bbac21239a63e07e5ca55fc
- SHA512
  
  30ba0a784759b9829604a46ef533bee64f06995fa66806a2b1de092e1b2d2cd35104fdbe08668ad02250940fc80a1e088b43e2609b8ea6cd014370fd07e7c5c4
- SSDEEP
  
  12288:ziG4NhsSmPGW6iUSZsCeyQ1s5Gji1LZieVlHFz:iN6SmPGW1zZPenusclH
Score

10^/10

redline sectoprat @koshachuy discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectoprat@koshachuydiscoveryinfostealerrattrojan

behavioral2

redlinesectoprat@koshachuydiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy