redline

General

Target

99141122040f239ce0b23baeb64d866146eedf8053ef9c9727a04256dabcfc1f.exe
Size

4.7MB
Sample

241121-ap4sfa1mgn
MD5

cf7c61e828f71a26b8bfa0573990dbbb
SHA1

a2651583286580665d9f9ff902b925c64bcd2868
SHA256

99141122040f239ce0b23baeb64d866146eedf8053ef9c9727a04256dabcfc1f
SHA512

174485b5f9e451fbe39c288c1c9befddb1b5615f5022a2cba73131b8dbf16e1c5caf79ebfe4214c306c658ec4d7ae5a88d07786cc390b8dc18a5caf354b09f1c
SSDEEP

98304:hLEGnnBSDWQ6H3YC0ctCMRUeKHCG39M5aiLxwBk2QJ:lSEYC02NKR3JkVJ

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@veteran322

C2

ananasalit.xyz:81

Attributes

auth_value
55d48a1a930cf4d6f3e2d6bcd0daaf07

Targets

- Target
  
  99141122040f239ce0b23baeb64d866146eedf8053ef9c9727a04256dabcfc1f.exe
- Size
  
  4.7MB
- MD5
  
  cf7c61e828f71a26b8bfa0573990dbbb
- SHA1
  
  a2651583286580665d9f9ff902b925c64bcd2868
- SHA256
  
  99141122040f239ce0b23baeb64d866146eedf8053ef9c9727a04256dabcfc1f
- SHA512
  
  174485b5f9e451fbe39c288c1c9befddb1b5615f5022a2cba73131b8dbf16e1c5caf79ebfe4214c306c658ec4d7ae5a88d07786cc390b8dc18a5caf354b09f1c
- SSDEEP
  
  98304:hLEGnnBSDWQ6H3YC0ctCMRUeKHCG39M5aiLxwBk2QJ:lSEYC02NKR3JkVJ
Score

10^/10

redline sectoprat @veteran322 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2