redline | dae470f530f6af1882d7e0250003ebfbb849ea4ef1bd6ffe5b10cf49e622d161 | Triage

Submit
Reports

Overview

overview

Static

static

1

d36f9f85b5...18.exe

windows7-x64

d36f9f85b5...18.exe

windows10-2004-x64

Sharing

General

Target

d36f9f85b593eff9501abd1110f0e3ad_JaffaCakes118
Size

484KB
Sample

241207-y3cg4s1qcy
MD5

d36f9f85b593eff9501abd1110f0e3ad
SHA1

35e17561c3fff24d197823aa223ec263e7145924
SHA256

dae470f530f6af1882d7e0250003ebfbb849ea4ef1bd6ffe5b10cf49e622d161
SHA512

514b8a86f13abd7e4864c92f872ce94d3df641f00a45d64ffd6704db10f065f84ca12fc315fcddc995d8bb4afda0cd542aa5d68ee207db819211f888b4396f24
SSDEEP

6144:ufWbL6qWhszuvff147FHkdqhi5o1rOlPXj2r439tojSvdH7TC6:u26qqqJEdqhyo1SlPMstoWvx3C6

Score

10^/10

redline sectoprat @x50x50x50x50 defense_evasion discovery infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

d36f9f85b593eff9501abd1110f0e3ad_JaffaCakes118.exe

Resource

win7-20241023-en

redline sectoprat @x50x50x50x50 defense_evasion discovery infostealer rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d36f9f85b593eff9501abd1110f0e3ad_JaffaCakes118.exe

Resource

win10v2004-20241007-en

redline sectoprat @x50x50x50x50 defense_evasion discovery infostealer rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@x50x50x50x50

C2

37.1.213.214:63028

Targets

- Target
  
  d36f9f85b593eff9501abd1110f0e3ad_JaffaCakes118
- Size
  
  484KB
- MD5
  
  d36f9f85b593eff9501abd1110f0e3ad
- SHA1
  
  35e17561c3fff24d197823aa223ec263e7145924
- SHA256
  
  dae470f530f6af1882d7e0250003ebfbb849ea4ef1bd6ffe5b10cf49e622d161
- SHA512
  
  514b8a86f13abd7e4864c92f872ce94d3df641f00a45d64ffd6704db10f065f84ca12fc315fcddc995d8bb4afda0cd542aa5d68ee207db819211f888b4396f24
- SSDEEP
  
  6144:ufWbL6qWhszuvff147FHkdqhi5o1rOlPXj2r439tojSvdH7TC6:u26qqqJEdqhyo1SlPMstoWvx3C6
Score

10^/10

redline sectoprat @x50x50x50x50 defense_evasion discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- System Binary Proxy Execution: Regsvcs/Regasm
  Abuse Regasm to proxy execution of malicious code.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

Regsvcs/Regasm

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectoprat@x50x50x50x50defense_evasiondiscoveryinfostealerrattrojan

behavioral2

redlinesectoprat@x50x50x50x50defense_evasiondiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy