redline | f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac | Triage

Submit
Reports

Overview

overview

Static

static

1

f6b09208c3...ac.exe

windows7-x64

f6b09208c3...ac.exe

windows10-2004-x64

Sharing

General

Target

f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac
Size

647KB
Sample

241105-rcdh6a1qgx
MD5

68b2a6e71c0c904a9aeabfc9adbf7a21
SHA1

0577bcb0a9736b45f1eb92f6070aac2134e674dc
SHA256

f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac
SHA512

077b52bf789dca81f8155182eae1fa8ce529586f70a2cb8ce7298917fb6f42c83dcb1cb9274e498295bdda65d4d2d7dd41ef6ea086dfb510ef75c871fb8daf46
SSDEEP

12288:Q+KncNPCdkjtqD56vpunMKgabsvmyArpBAz9TjcQ1AQw9xkR:0mPCdkpqF6vpjmsenVBA1jd1AT+

Score

10^/10

redline sectoprat cheat discovery execution infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac.exe

Resource

win7-20240903-en

redline sectoprat cheat discovery execution infostealer rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac.exe

Resource

win10v2004-20241007-en

redline sectoprat cheat discovery execution infostealer rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.137.22.248:55615

Targets

- Target
  
  f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac
- Size
  
  647KB
- MD5
  
  68b2a6e71c0c904a9aeabfc9adbf7a21
- SHA1
  
  0577bcb0a9736b45f1eb92f6070aac2134e674dc
- SHA256
  
  f6b09208c3523be3a490af2fc305d4574b38d95a435c8a55402fca38597e6dac
- SHA512
  
  077b52bf789dca81f8155182eae1fa8ce529586f70a2cb8ce7298917fb6f42c83dcb1cb9274e498295bdda65d4d2d7dd41ef6ea086dfb510ef75c871fb8daf46
- SSDEEP
  
  12288:Q+KncNPCdkjtqD56vpunMKgabsvmyArpBAz9TjcQ1AQw9xkR:0mPCdkpqF6vpjmsenVBA1jd1AT+
Score

10^/10

redline sectoprat cheat discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryexecutioninfostealerrattrojan

behavioral2

redlinesectopratcheatdiscoveryexecutioninfostealerrattrojan

© 2018-2025

Terms | Privacy