redline | c6452030b5c3054bc311e285ff98f147df2cd50898801cade4dc27974d54f357 | Triage

Submit
Reports

Overview

overview

Static

static

3

5.exe

windows7-x64

5.exe

windows10-2004-x64

Sharing

General

Target

5.exe
Size

2.5MB
Sample

241029-srfshawfmm
MD5

60fbf5e1f59e35aac3fb573b1d136b07
SHA1

f3ca4be74fcfc3b7eee2d6a000267ff543e9186a
SHA256

c6452030b5c3054bc311e285ff98f147df2cd50898801cade4dc27974d54f357
SHA512

82705fc4fbc8e9fa1152ea60afdd9cc6d0e9051b43b8b8f60874bba0d86c0a821c1d605c77ea48a3760a5b740f101ee7af00f74d8a10b3c4f6b9e5dab1a092e5
SSDEEP

12288:mmqbNcTkr9j6uAuhwlZOipwR5EsGvFvcn5S5tW:WNcTMl6uv8ZhlRcnMjW

Score

10^/10

redline sectoprat pee discovery evasion execution infostealer rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5.exe

Resource

win7-20240903-en

redline sectoprat pee discovery evasion execution infostealer rat spyware trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

5.exe

Resource

win10v2004-20241007-en

redline sectoprat pee discovery evasion execution infostealer rat spyware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

pee

C2

188.190.10.10:55123

Targets

- Target
  
  5.exe
- Size
  
  2.5MB
- MD5
  
  60fbf5e1f59e35aac3fb573b1d136b07
- SHA1
  
  f3ca4be74fcfc3b7eee2d6a000267ff543e9186a
- SHA256
  
  c6452030b5c3054bc311e285ff98f147df2cd50898801cade4dc27974d54f357
- SHA512
  
  82705fc4fbc8e9fa1152ea60afdd9cc6d0e9051b43b8b8f60874bba0d86c0a821c1d605c77ea48a3760a5b740f101ee7af00f74d8a10b3c4f6b9e5dab1a092e5
- SSDEEP
  
  12288:mmqbNcTkr9j6uAuhwlZOipwR5EsGvFvcn5S5tW:WNcTMl6uv8ZhlRcnMjW
Score

10^/10

redline sectoprat pee discovery evasion execution infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratpeediscoveryevasionexecutioninfostealerratspywaretrojan

behavioral2

redlinesectopratpeediscoveryevasionexecutioninfostealerratspywaretrojan

© 2018-2025

Terms | Privacy