redline

General

Target

9b2b2b8bff06f1758f397e52e979a79b_JaffaCakes118
Size

1.1MB
Sample

241125-nhl6pstrew
MD5

9b2b2b8bff06f1758f397e52e979a79b
SHA1

7a65245a878e6eb36ccb012d34e16712db1bf301
SHA256

571786689eaa97a14299d2687050789ea23664beb993804d6ebf0ee6bf8f216b
SHA512

9205161b63ae866ad6da86ea1aac0bc0eb12e4799dca265bfcbf64eea5d3496edddcc5ad01d80733a6d97dcf32eafbd8c9d83eecacd9e67201d09a2611dafb90
SSDEEP

24576:gZ4msbtVTaVFI/JjB4XNq7l3ABxmaRSMfNy2s2ZCXrBqnC7rRZvPdrP+:gimsb9Jh4EQalXrFRZvVb+

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

904597320

C2

185.250.206.122:43180

Targets

- Target
  
  9b2b2b8bff06f1758f397e52e979a79b_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  9b2b2b8bff06f1758f397e52e979a79b
- SHA1
  
  7a65245a878e6eb36ccb012d34e16712db1bf301
- SHA256
  
  571786689eaa97a14299d2687050789ea23664beb993804d6ebf0ee6bf8f216b
- SHA512
  
  9205161b63ae866ad6da86ea1aac0bc0eb12e4799dca265bfcbf64eea5d3496edddcc5ad01d80733a6d97dcf32eafbd8c9d83eecacd9e67201d09a2611dafb90
- SSDEEP
  
  24576:gZ4msbtVTaVFI/JjB4XNq7l3ABxmaRSMfNy2s2ZCXrBqnC7rRZvPdrP+:gimsb9Jh4EQalXrFRZvVb+
Score

10^/10

redline sectoprat 904597320 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2