redline | b85140d8f018b50554acd3fedf3750d878aca1dbf58b3157b30209e361764736 | Triage

Submit
Reports

Overview

overview

Static

static

3

HEEX-SO010483.exe

windows7-x64

HEEX-SO010483.exe

windows10-2004-x64

Sharing

General

Target

b85140d8f018b50554acd3fedf3750d878aca1dbf58b3157b30209e361764736
Size

1.2MB
Sample

241108-m94pdstmhj
MD5

65b2f13ba5e5cdad5e053de3791d2eb4
SHA1

07059e245b7068f205b61da49b3caf514dc25761
SHA256

b85140d8f018b50554acd3fedf3750d878aca1dbf58b3157b30209e361764736
SHA512

0cd9aa68e7f0c8c7447a8bc620c928f59a4b32e80c6b453cfde55c20242539d89f9d5c8baafcd56b776509b89cb2713c29f76e0fd4563c91c3ba9c8fd4b2c24a
SSDEEP

12288:zXbZRm+GBCij769yptQkM2V4LNS8bMNKV0t76ih/:jbZRmjdVCj2MSbNKEx

Score

10^/10

redline sectoprat client discovery execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HEEX-SO010483.exe

Resource

win7-20240903-en

redline sectoprat client discovery execution infostealer rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

HEEX-SO010483.exe

Resource

win10v2004-20241007-en

redline sectoprat client discovery execution infostealer rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

client

C2

104.243.33.119:300

Targets

- Target
  
  HEEX-SO010483.exe
- Size
  
  594KB
- MD5
  
  39c7a9eb89bfd37f75b680390e556709
- SHA1
  
  a05349b8760937693077cff5887444e1b20b6b19
- SHA256
  
  c96a4929bbf67a9c4dca1da11d932a3ff8a4e0702933aa30c3835559f6771d0c
- SHA512
  
  11394ab6dd63e2ecf68c407fb93a820aa926c7ca76812f68a8d0a3984297e41f91408192f86e67f3990005e251c13d67fff9046579ed0b6a30d28f0dc9109f85
- SSDEEP
  
  12288:gXbZRm+GBCij769yptQkM2V4LNS8bMNKV0t76ih/:cbZRmjdVCj2MSbNKEx
Score

10^/10

redline sectoprat client discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratclientdiscoveryexecutioninfostealerrattrojan

behavioral2

redlinesectopratclientdiscoveryexecutioninfostealerrattrojan

© 2018-2025

Terms | Privacy