redline

General

Target

13c624c2d8557ffb2b388b1cd475e71f068920c360a7f7f9d776dadf8f835fc9
Size

326KB
Sample

241111-gpn6bathmk
MD5

8d55a7d6d505f46939c511271e0dbc78
SHA1

cca0206a78819f40d6829d66fe3221394bc055ce
SHA256

13c624c2d8557ffb2b388b1cd475e71f068920c360a7f7f9d776dadf8f835fc9
SHA512

2bde2dc05f4769aa4745b9062bcd10a07180660a7b06c9dcdd31c55eda7fac59c74ca73e66c6b7941ef148071f9fc42826f64200661fccd293dab668173be8d4
SSDEEP

3072:FnUeXcgbZ2/rkpH8LlgiIICv17yvoqPm4TbIvu4VuCwszeFIFCIncVi:FLX1RpH85giIjd2vu4Pw1kbszZV

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

prayfo

C2

45.144.29.19:24123

Targets

- Target
  
  13c624c2d8557ffb2b388b1cd475e71f068920c360a7f7f9d776dadf8f835fc9
- Size
  
  326KB
- MD5
  
  8d55a7d6d505f46939c511271e0dbc78
- SHA1
  
  cca0206a78819f40d6829d66fe3221394bc055ce
- SHA256
  
  13c624c2d8557ffb2b388b1cd475e71f068920c360a7f7f9d776dadf8f835fc9
- SHA512
  
  2bde2dc05f4769aa4745b9062bcd10a07180660a7b06c9dcdd31c55eda7fac59c74ca73e66c6b7941ef148071f9fc42826f64200661fccd293dab668173be8d4
- SSDEEP
  
  3072:FnUeXcgbZ2/rkpH8LlgiIICv17yvoqPm4TbIvu4VuCwszeFIFCIncVi:FLX1RpH85giIjd2vu4Pw1kbszZV
Score

10^/10

redline sectoprat prayfo discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2