redline

General

Target

3adec946c91a772701486ae5fad6713731d1cfb7bf4b8db01c8d88856dbe14ca
Size

103KB
Sample

241107-g9fpnswpfy
MD5

b7a9e2d75f12bb8f07eb5363eff970f5
SHA1

b21e56925004c88c4a2bda3b820dc8fba9d1ade0
SHA256

3adec946c91a772701486ae5fad6713731d1cfb7bf4b8db01c8d88856dbe14ca
SHA512

55997294aebf88348605a08dd570c7618abbfdff440e1feebc84c25327ef524089473370bdbf587e9fd829e503301d61f2122427c9fc10173755c9a4a73d943d
SSDEEP

3072:0cN8TFkElK5dHHvNTKN3ifxMGwNUdcagOS2rjkysfpnLNbpV0uPBW6jr:H8Tp0vnvcqxMVNU1gOS2roVP3

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

1711042443

C2

79.137.192.6:8362

Targets

- Target
  
  8da0f0b8c48b288ecc49257530d428f97a04c06880ca522bf95e963f8984230b
- Size
  
  193KB
- MD5
  
  7ae31981d3246503a14c3ac315a53015
- SHA1
  
  96458669ebe2617d99325cc8a95d73dfea44f1e8
- SHA256
  
  8da0f0b8c48b288ecc49257530d428f97a04c06880ca522bf95e963f8984230b
- SHA512
  
  df14df3f26628f5586cad042136b7ec77c3f6b3499023b2be5796d92df1298592bd8477e919695a2b3b371c2118b2390045370c5b8bc400232bf2a297db6173a
- SSDEEP
  
  3072:x4U01Aqc91qXwxc4mZS9ybqSl6zWdzc7eEt8qTd0L:x4X1AqckKTmQ4qSlTdzcKKjTu
Score

10^/10

redline sectoprat 1711042443 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2