redline

General

Target

733546d80cc58bf61df0f32cd9f78bec_JaffaCakes118
Size

1.3MB
Sample

241024-lzkyvsxapr
MD5

733546d80cc58bf61df0f32cd9f78bec
SHA1

8183c65a2f8fadd14e2c6fe6643455b392d366c3
SHA256

0f1962c4d1f9a9fe7b7d5d22f79ab02c7aa9f990a305860082134d47e3cd2a09
SHA512

ba2b9f9925ecfeb0b8602e12ab7c66c8f318079bedac493c95d46ec6c50b91195ef0530c5d4d1eaaba3bcc81f4047be8eb285b362e5660cf346b321e43710ca6
SSDEEP

24576:FhB0meok6PgZkuKQhineZZS5R0LkXaG6T:DBhdPQkcke3BgXaP

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

ruzkii

C2

verecalina.xyz:80

Targets

- Target
  
  733546d80cc58bf61df0f32cd9f78bec_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  733546d80cc58bf61df0f32cd9f78bec
- SHA1
  
  8183c65a2f8fadd14e2c6fe6643455b392d366c3
- SHA256
  
  0f1962c4d1f9a9fe7b7d5d22f79ab02c7aa9f990a305860082134d47e3cd2a09
- SHA512
  
  ba2b9f9925ecfeb0b8602e12ab7c66c8f318079bedac493c95d46ec6c50b91195ef0530c5d4d1eaaba3bcc81f4047be8eb285b362e5660cf346b321e43710ca6
- SSDEEP
  
  24576:FhB0meok6PgZkuKQhineZZS5R0LkXaG6T:DBhdPQkcke3BgXaP
Score

10^/10

agilenet discovery redline sectoprat ruzkii infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

SectopRAT

SectopRAT payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2