redline | a42fb022bac3ff6defa0d1fbcfc2b7c18fb90733f43c14f6941e4b952e145879 | Triage

Submit
Reports

Overview

overview

Static

static

3

6cd5f89c64...18.exe

windows7-x64

6cd5f89c64...18.exe

windows10-2004-x64

Sharing

General

Target

6cd5f89c64944a1dccc26e5283783439_JaffaCakes118
Size

850KB
Sample

241023-c4s1layeqr
MD5

6cd5f89c64944a1dccc26e5283783439
SHA1

4ed1dc5550ee98115f3198d760f6efa0741bbfbc
SHA256

a42fb022bac3ff6defa0d1fbcfc2b7c18fb90733f43c14f6941e4b952e145879
SHA512

6e1d56966a04c5ae74413fbda07b6e37adecf170808d26a1346199bb71848a5f6aacbf49f7d6af8a7c101a56c366cde9fa9a1438fb26e46a6e292c66fc4a1710
SSDEEP

24576:/WhNIXkXcV/78QShfAofoXxcPjOIzNK6d8K:X/7HShfhUcbE6K

Score

10^/10

redline sectoprat 2020 discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6cd5f89c64944a1dccc26e5283783439_JaffaCakes118.exe

Resource

win7-20240903-en

redline sectoprat 2020 discovery infostealer rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6cd5f89c64944a1dccc26e5283783439_JaffaCakes118.exe

Resource

win10v2004-20241007-en

redline sectoprat 2020 discovery infostealer rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

2020

C2

2.56.59.235:61159

Targets

- Target
  
  6cd5f89c64944a1dccc26e5283783439_JaffaCakes118
- Size
  
  850KB
- MD5
  
  6cd5f89c64944a1dccc26e5283783439
- SHA1
  
  4ed1dc5550ee98115f3198d760f6efa0741bbfbc
- SHA256
  
  a42fb022bac3ff6defa0d1fbcfc2b7c18fb90733f43c14f6941e4b952e145879
- SHA512
  
  6e1d56966a04c5ae74413fbda07b6e37adecf170808d26a1346199bb71848a5f6aacbf49f7d6af8a7c101a56c366cde9fa9a1438fb26e46a6e292c66fc4a1710
- SSDEEP
  
  24576:/WhNIXkXcV/78QShfAofoXxcPjOIzNK6d8K:X/7HShfhUcbE6K
Score

10^/10

redline sectoprat 2020 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectoprat2020discoveryinfostealerrattrojan

behavioral2

redlinesectoprat2020discoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy