redline

General

Target

f0f4d1dd179596eafd377d8bb8c6a46aff07286d24be5534354bd9cee935eed6.exe
Size

529KB
Sample

241123-ktcjvsylcj
MD5

47132e6a81979d418d93760aa49e04d0
SHA1

62aded313a05140b031e5f01575d17747eceb858
SHA256

f0f4d1dd179596eafd377d8bb8c6a46aff07286d24be5534354bd9cee935eed6
SHA512

89f0598a85f6c90fabfdadefd3802047c528f8a748fca0dc8e31c5b733e69812bfba3782566f34ba3698222ba98998a3bbdec871c6a272e0dc3933b910cad095
SSDEEP

3072:xYD4sTC3kjkgSZ5LmDVen+VoWV1S4C7/hOE1Zz2ckcrjh44KRi2gtcv5b/7H:xYD4F3k5SZgVenKx11C1OE3t1tc5b/j

Score

10^/10

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes

auth_value
3f48b95855158031ae9e7dafcb203009

Targets

- Target
  
  f0f4d1dd179596eafd377d8bb8c6a46aff07286d24be5534354bd9cee935eed6.exe
- Size
  
  529KB
- MD5
  
  47132e6a81979d418d93760aa49e04d0
- SHA1
  
  62aded313a05140b031e5f01575d17747eceb858
- SHA256
  
  f0f4d1dd179596eafd377d8bb8c6a46aff07286d24be5534354bd9cee935eed6
- SHA512
  
  89f0598a85f6c90fabfdadefd3802047c528f8a748fca0dc8e31c5b733e69812bfba3782566f34ba3698222ba98998a3bbdec871c6a272e0dc3933b910cad095
- SSDEEP
  
  3072:xYD4sTC3kjkgSZ5LmDVen+VoWV1S4C7/hOE1Zz2ckcrjh44KRi2gtcv5b/7H:xYD4F3k5SZgVenKx11C1OE3t1tc5b/j
Score

10^/10

redline sectoprat discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2