redline | 87ac9e36b05f3d8001e92f640029350be8b8065ab72dca19b6e509caa13d68c3 | Triage

Sharing

General

Target

a7b53308b7a5092497753accfad96991310534a6
Size

603KB
Sample

241111-bdb4qayfmk
MD5

ef63d113bb78f3203efc013974a9e77d
SHA1

a7b53308b7a5092497753accfad96991310534a6
SHA256

87ac9e36b05f3d8001e92f640029350be8b8065ab72dca19b6e509caa13d68c3
SHA512

8de7c5332342f90fbd3719a7d95cecebd84c62284fc5ab92ddd23c02008a78d7d4a01d442f2f92c66d1f5f3c081dd996c2c27c98670775cc7febd304ba668064
SSDEEP

12288:s5JKfNFySu13fk+SDatFQNjGxnjfBPrzN7btbMeITf:IJiyN1zbeNizrzNNweSf

Score

10^/10

redline sectoprat youtube discovery infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

Youtube

C2

tecnotrendgame.ddns.net:62099

Targets

- Target
  
  AlphaFS.dll
- Size
  
  359KB
- MD5
  
  f2f6f6798d306d6d7df4267434b5c5f9
- SHA1
  
  23be62c4f33fc89563defa20e43453b7cdfc9d28
- SHA256
  
  837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
- SHA512
  
  1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
- SSDEEP
  
  6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d
Score

1^/10
behavioral1 behavioral2
- Target
  
  Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral3 behavioral4
- Target
  
  Metamask Seed Generator.exe
- Size
  
  590KB
- MD5
  
  e883f34b766540694ea524e1f8be3958
- SHA1
  
  e4bc2c5cd58e2ecf9ec30768558baf29f73690d7
- SHA256
  
  8fa48d81788bbd2b1ad77fbb615a5cd3084ed94badc0b9f58797c6b09bd251be
- SHA512
  
  c046217c5f688eec693b4e5c91d5871c8b78887aa4a9f087a7469ae83b01169ecf3c17244b19f6b2e5d3e1aa231e6c164303bbdd9bb3723addbc0b5f86c95a17
- SSDEEP
  
  12288:eicwvLD0hg8gGXf55nA6Lpa1dlgfTgRVbusK7D+AaIG6z9o7TSaIva9s:eicMLD0K0bA60neTgZTSaO
Score

10^/10

discovery redline sectoprat youtube infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  Ookii.Dialogs.Wpf.dll
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

redlinesectopratyoutubediscoveryinfostealerrattrojan

behavioral7

behavioral8