redline | 501e5f1a1def69055a403df2277c56a0af9fe87d10b01a95612b1491f982a4a2 | Triage

Sharing

General

Target

7f80eedefa53630669248eb5d1317d45
Size

4.5MB
Sample

241111-fqfd5axjcm
MD5

7f80eedefa53630669248eb5d1317d45
SHA1

85d39389006cdf88b3b1ffbe5f6eec876b9e086e
SHA256

501e5f1a1def69055a403df2277c56a0af9fe87d10b01a95612b1491f982a4a2
SHA512

80b23d2e946cbc6e89f28d301b1498da6528b304cbce0f02785b65a4f6f55137952c34a0477e5714b86ab77a361ec4ffdc8f8013d694739866764d5c9f8fef73
SSDEEP

98304:6YwWkS8s2UqNzzBB1/uSSJgpMU7HcKUXAV3C03EnNP:6YwWkSN2UqNXDY3JgpjHNUXAVSpnF

Score

10^/10

redline sectoprat discovery infostealer rat trojan

Malware Config

Targets

- Target
  
  Crypter Cracked/Crypter.exe
- Size
  
  239KB
- MD5
  
  694e900f3d5452a602adb055e91d988c
- SHA1
  
  fcbc3838f3d72e2055ff244f8943811929c10c13
- SHA256
  
  c15df21d1e485cb325a709b196ea021eb9d4222deb78662706f949404aaf7a1b
- SHA512
  
  1f1d296f92598194e0684a799e21662ea841c3532e2bc51d4738ed7a34fc0a851fe8ac85f5ec886bbd10d69cb1132f5c3b5d6aa7df0cff83ca6c47452502180d
- SSDEEP
  
  6144:LNvyA1zd0mf/gr7dB3UAElguuwDt+QrTH:LNvyAxFnG3UBuwDTT
Score

10^/10

redline sectoprat discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Crypter Cracked/comctl32.dll
- Size
  
  712KB
- MD5
  
  02490c84270ccbe4895df49897115766
- SHA1
  
  1755ca0eaa8a22a5cae451eddac206993879b82b
- SHA256
  
  91b825df9519d0ecaffe6bbe1ad4b7ffbe51de46ea8b8d73f3c8c34316baf622
- SHA512
  
  b3c3704880dd01a28013c238145dcbf11a65d6b105a717fe7225680cf4ad776b1d9400e34a6cfe59287e618a7ecf997c77a63e1bdb2a166ad3f1e637c7ecd9ae
- SSDEEP
  
  12288:MnYtIiiLXKLkfU7t+qxY/O0tbjCQEhDHcARQPqkHP0Rk0oRyTetrfwI3:MnYtI0ht+6gbmQEhjcAQPqkHP0Rk0KDD
Score

1^/10
behavioral3
- Target
  
  Crypter Cracked/gdiplus.dll
- Size
  
  1.7MB
- MD5
  
  15fef78bdd3f862665d28cdea106280f
- SHA1
  
  b579eeeffcb77c3f730a33265915500db208b21f
- SHA256
  
  b1c7b8c38d2019fba55b218a1eccbb16d419dcfd37d168e7b22d385a30960166
- SHA512
  
  e16f2bac55d6c4c68563e83309b0fc9e5b79f70918a96cbf61a1f31a0a602cad10572b454e4eba77ac5029ebe3b03267fa2284282c538c14ef136f05d884dba2
- SSDEEP
  
  49152:TjkzHAccLYd530xnPUvTN9hx6KeYKZXDOldFd27Qo3SBWNAxOkv0LL8oftYd:UnXFks
Score

1^/10
behavioral4
- Target
  
  Crypter Cracked/libcrypto-1_1.dll
- Size
  
  3.3MB
- MD5
  
  ab01c808bed8164133e5279595437d3d
- SHA1
  
  0f512756a8db22576ec2e20cf0cafec7786fb12b
- SHA256
  
  9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
- SHA512
  
  4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
- SSDEEP
  
  98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
Score

1^/10
behavioral5 behavioral6
- Target
  
  Crypter Cracked/libffi-7.dll
- Size
  
  32KB
- MD5
  
  eef7981412be8ea459064d3090f4b3aa
- SHA1
  
  c60da4830ce27afc234b3c3014c583f7f0a5a925
- SHA256
  
  f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
- SHA512
  
  dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
- SSDEEP
  
  384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
Score

1^/10
behavioral7 behavioral8
- Target
  
  Crypter Cracked/libssl-1_1.dll
- Size
  
  682KB
- MD5
  
  de72697933d7673279fb85fd48d1a4dd
- SHA1
  
  085fd4c6fb6d89ffcc9b2741947b74f0766fc383
- SHA256
  
  ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
- SHA512
  
  0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c
- SSDEEP
  
  12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
Score

1^/10
behavioral10 behavioral9
- Target
  
  Crypter Cracked/mfc140u.dll
- Size
  
  5.6MB
- MD5
  
  598536e5ce9c6b10db3579ac7b8bcc49
- SHA1
  
  193f8433207de516baa1b38dd8de31bac065d456
- SHA256
  
  ffc74cd49df7d8b6ddcb94de1e12a399897aebf066e4884c9e563067ed399c89
- SHA512
  
  e53a0fedce5adae83874c6d4bba0d9d0e523c6a65ae307dc1086271d81e09c878ac148a8ecfba67cfabdc6e59db464bd22a0d44c7d2c3474323b920fe75c14f9
- SSDEEP
  
  49152:sGeFUHwMdKH3fVL7u8dFLP0OwuXJ7ahucFeXGGjzAjRptGu3n+CF9ZhIuSwIbFL4:jg9DoRaFLOAkGkzdnEVomFHKnPFT
Score

1^/10
behavioral11 behavioral12
- Target
  
  Crypter Cracked/module.dll
- Size
  
  11KB
- MD5
  
  f856ddf099cec1580f46514d0c3c23dd
- SHA1
  
  12e37572be5de69f8eeb51b2c9a4973b486aedc5
- SHA256
  
  43ec4d26c7d916a1cdd31ea1da763aa05d802ff82cbbdd4277d25c0c85ed7696
- SHA512
  
  43c2df09f7ff8fb94971c3a3d04f6e13abd3b7a397febe46ec168ad1da104c0c8511b463d4d9f2b205247e683e45ce9967e9ba4dbfe85a9c636852aa75f3f7f0
- SSDEEP
  
  96:vMPAEv0CdKklGNF6jJuWojnUKHKPZAbJGUu+Rs0v32DxmGIoP5IlcqoqC9cI4iZQ:vlq4NcoWgnde9kf2Db5IlGFZro+q
Score

1^/10
behavioral13 behavioral14
- Target
  
  Crypter Cracked/vcruntime140.dll
- Size
  
  96KB
- MD5
  
  f12681a472b9dd04a812e16096514974
- SHA1
  
  6fd102eb3e0b0e6eef08118d71f28702d1a9067c
- SHA256
  
  d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
- SHA512
  
  7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2
- SSDEEP
  
  1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
Score

1^/10
behavioral15 behavioral16
- Target
  
  Crypter Cracked/vcruntime140_1.dll
- Size
  
  37KB
- MD5
  
  75e78e4bf561031d39f86143753400ff
- SHA1
  
  324c2a99e39f8992459495182677e91656a05206
- SHA256
  
  1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e
- SHA512
  
  ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756
- SSDEEP
  
  768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratdiscoveryinfostealerrattrojan

behavioral2

redlinesectopratdiscoveryinfostealerrattrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18