redline | ad04e54f8e31e7b42a592d8cf491cc34e409dac6cfde46b78b266a745438c7ac | Triage

Sharing

General

Target

ad04e54f8e31e7b42a592d8cf491cc34e409dac6cfde46b78b266a745438c7ac
Size

1004KB
Sample

241109-bw3dmatkfx
MD5

d63a82d80e48198b4f838ac52013684b
SHA1

cc16966ec30c6a645d652c9879ddc5bb049fa5e2
SHA256

ad04e54f8e31e7b42a592d8cf491cc34e409dac6cfde46b78b266a745438c7ac
SHA512

59a6bd9a6803a1c55dd192dccb225b227972ffe66e314014b59dad37b89a0bb30b0dd449c78856c78e0d5c6f0fd34075902ada4a7949c1ef5334a32bc4997a85
SSDEEP

24576:CJCqYAB9DTH/t5RXGY5vPGIxXuw7Z5IiVVJ/wKDC2SAC9:4YABBTHTf5ndxXnPD/BDC9b9

Score

10^/10

redline sectoprat leon discovery infostealer persistence rat trojan

Malware Config

Extracted

Family

redline

Botnet

LEON

C2

45.67.228.152:54641

Targets

- Target
  
  Trainer v5.7.2.exe
- Size
  
  1.1MB
- MD5
  
  845b70c2d9468badb00edc87d4f4230a
- SHA1
  
  0ca9d48b0fe87f711a2fe44d631c5f5fb87be41e
- SHA256
  
  1a5968df13264103fccc2177d3293111db4f1ca9d5767cf581835e3ce2448cac
- SHA512
  
  f3f1e507d907ed438ab8f5c80dd940fda0522f2c97615a23c777044a9f880bfbc4509530aa2cb5075c1296d72abfbab9c569d8cc0df6637ecb87cb66af19d4ae
- SSDEEP
  
  24576:WsjvrXwxJzL+2mTyuHT6xz40yBwttNt36rug8V:WsrrXwJg7ieB9X
Score

10^/10

redline sectoprat leon discovery infostealer persistence rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratleondiscoveryinfostealerpersistencerattrojan