redline | 7f2288ebe5d4a3ef29e2c1c2a385d9cf92d1891a4a0311236ae1bcda8d8f15ab | Triage

Submit
Reports

Overview

overview

Static

static

0x00050000...94.exe

windows7-x64

0x00050000...94.exe

windows10-2004-x64

Sharing

General

Target

0x000500000001952c-294.dat
Size

95KB
Sample

241214-sa76esxlej
MD5

34f1172b124be266b5189a98d7ba6fcd
SHA1

8f0be9a995de173420e00a1b38461fc875215c90
SHA256

7f2288ebe5d4a3ef29e2c1c2a385d9cf92d1891a4a0311236ae1bcda8d8f15ab
SHA512

6d719e0d6c44604439ca97975f0e463b348c9ca324580e8c96b627110c4fafc72e94fc155464a280985da038e14d5da9b092133fc8915d17e3370cd48c66e4a9
SSDEEP

1536:aqsCwqR7lbG6jejoigIL43Ywzi0Zb78ivombfexv0ujXyyed22teulgS6pw:IDmRYL+zi0ZbYe1g0ujyzdGw

Score

10^/10

redline sectoprat lisecloud -- livetraffic discovery infostealer rat spyware stealer trojan

Static task

static1

lisecloud -- livetraffic redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

0x000500000001952c-294.exe

Resource

win7-20241023-en

redline sectoprat lisecloud -- livetraffic discovery infostealer rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000500000001952c-294.exe

Resource

win10v2004-20241007-en

redline sectoprat lisecloud -- livetraffic discovery infostealer rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

LiseCloud -- LiveTraffic

C2

107.189.17.186:28269

Targets

- Target
  
  0x000500000001952c-294.dat
- Size
  
  95KB
- MD5
  
  34f1172b124be266b5189a98d7ba6fcd
- SHA1
  
  8f0be9a995de173420e00a1b38461fc875215c90
- SHA256
  
  7f2288ebe5d4a3ef29e2c1c2a385d9cf92d1891a4a0311236ae1bcda8d8f15ab
- SHA512
  
  6d719e0d6c44604439ca97975f0e463b348c9ca324580e8c96b627110c4fafc72e94fc155464a280985da038e14d5da9b092133fc8915d17e3370cd48c66e4a9
- SSDEEP
  
  1536:aqsCwqR7lbG6jejoigIL43Ywzi0Zb78ivombfexv0ujXyyed22teulgS6pw:IDmRYL+zi0ZbYe1g0ujyzdGw
Score

10^/10

redline sectoprat lisecloud -- livetraffic discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

lisecloud -- livetrafficredlinesectoprat

behavioral1

redlinesectopratlisecloud -- livetrafficdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratlisecloud -- livetrafficdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy