redline | 85273b02df3b1611648f0187d890fbbefed5865f93453af003a18e8729b1e627 | Triage

Submit
Reports

Overview

overview

Static

static

3

f37bc82cab...18.exe

windows7-x64

f37bc82cab...18.exe

windows10-2004-x64

Sharing

General

Target

f37bc82cabddf6a2435471b1ccaabd28_JaffaCakes118
Size

1.1MB
Sample

241215-l3p2zs1jgy
MD5

f37bc82cabddf6a2435471b1ccaabd28
SHA1

c059334d7becada6015d5ee98f14fd5a7e35b03e
SHA256

85273b02df3b1611648f0187d890fbbefed5865f93453af003a18e8729b1e627
SHA512

adec9695688c782148c39f215efbae6d07cd139317e34c51658640de251c5cbb03db8a0e8635fbc5a682e85c29ad41826cc71d548bfdfc7ade714a33ac7a5026
SSDEEP

24576:RSLXvGxcpX6vR5lqSTx3QnPypPBwijZ4XyKFO1uY7m5HQYk:6OaYZ5jQn6VBwid4XyuqRyk

Score

10^/10

redline sectoprat felix1008 discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f37bc82cabddf6a2435471b1ccaabd28_JaffaCakes118.exe

Resource

win7-20241023-en

redline sectoprat felix1008 discovery infostealer rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

f37bc82cabddf6a2435471b1ccaabd28_JaffaCakes118.exe

Resource

win10v2004-20241007-en

redline sectoprat felix1008 discovery infostealer rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

felix1008

C2

193.188.22.4:45689

Targets

- Target
  
  f37bc82cabddf6a2435471b1ccaabd28_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  f37bc82cabddf6a2435471b1ccaabd28
- SHA1
  
  c059334d7becada6015d5ee98f14fd5a7e35b03e
- SHA256
  
  85273b02df3b1611648f0187d890fbbefed5865f93453af003a18e8729b1e627
- SHA512
  
  adec9695688c782148c39f215efbae6d07cd139317e34c51658640de251c5cbb03db8a0e8635fbc5a682e85c29ad41826cc71d548bfdfc7ade714a33ac7a5026
- SSDEEP
  
  24576:RSLXvGxcpX6vR5lqSTx3QnPypPBwijZ4XyKFO1uY7m5HQYk:6OaYZ5jQn6VBwid4XyuqRyk
Score

10^/10

redline sectoprat felix1008 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratfelix1008discoveryinfostealerrattrojan

behavioral2

redlinesectopratfelix1008discoveryinfostealerrattrojan

© 2018-2024

Terms | Privacy