redline | 278b095c0694af6600aea03963b86d9b19c2811651ca792508de36c7ec55a250 | Triage

Submit
Reports

Overview

overview

Static

static

1

8d6eb147e9...5N.exe

windows7-x64

8d6eb147e9...5N.exe

windows10-2004-x64

Sharing

General

Target

8d6eb147e9f5a3b0982844feda99dfb8572c1c9ae05e06248b012fc7e3f90d95N.exe
Size

551KB
Sample

241112-gg93tawfkg
MD5

08954896c00964d3b4b7f4141c5eaa2a
SHA1

4fd648890d357c14928bd8c8c5295702b870841b
SHA256

278b095c0694af6600aea03963b86d9b19c2811651ca792508de36c7ec55a250
SHA512

d1bd743329801f4871ef0c4fb29d9e939f727e48f28a55ac9d309384d866bfc15926570184ef26d7f3d23cc0221dc2d33e86e8d994e17890ad3a5ee713807924
SSDEEP

12288:hhQbEeX/zYMIxKzS7no9YB6Hd5fZoyr+oqfk2Aqk4:hh0//PIV7ob/oyr+oq7

Score

10^/10

redline sectoprat cheat discovery execution infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

8d6eb147e9f5a3b0982844feda99dfb8572c1c9ae05e06248b012fc7e3f90d95N.exe

Resource

win7-20240903-en

redline sectoprat cheat discovery execution infostealer rat trojan

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

8d6eb147e9f5a3b0982844feda99dfb8572c1c9ae05e06248b012fc7e3f90d95N.exe

Resource

win10v2004-20241007-en

redline sectoprat cheat discovery execution infostealer rat trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.137.22.248:55615

Targets

- Target
  
  8d6eb147e9f5a3b0982844feda99dfb8572c1c9ae05e06248b012fc7e3f90d95N.exe
- Size
  
  551KB
- MD5
  
  08954896c00964d3b4b7f4141c5eaa2a
- SHA1
  
  4fd648890d357c14928bd8c8c5295702b870841b
- SHA256
  
  278b095c0694af6600aea03963b86d9b19c2811651ca792508de36c7ec55a250
- SHA512
  
  d1bd743329801f4871ef0c4fb29d9e939f727e48f28a55ac9d309384d866bfc15926570184ef26d7f3d23cc0221dc2d33e86e8d994e17890ad3a5ee713807924
- SSDEEP
  
  12288:hhQbEeX/zYMIxKzS7no9YB6Hd5fZoyr+oqfk2Aqk4:hh0//PIV7ob/oyr+oq7
Score

10^/10

redline sectoprat cheat discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryexecutioninfostealerrattrojan

behavioral2

redlinesectopratcheatdiscoveryexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy