redline | b3289635b42828dccce10e57b6fc40aad6b9369c402dc97724137efc7c65dc35 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...af.exe

windows7-x64

1

JaffaCakes...af.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf
Size

149KB
Sample

241231-3vfa9aykgp
MD5

3f644c6df63687c4dd2dce14fb2f2caf
SHA1

174181e38b8a79b37e090c28bcd22a1527096810
SHA256

b3289635b42828dccce10e57b6fc40aad6b9369c402dc97724137efc7c65dc35
SHA512

a1799ce4728a9f2ca4059c1401f754913c41ab204614ca4c8af7d35cbdd8288bb1f156d40bb322120872df0f97489cbbc6af65336d22512a0d643ef1e436a175
SSDEEP

3072:oVYWkvmsmG7KEn3e9tFY9CavuC1RkqVTsG246LY7pilc:oV+hjB3eS9E1qVTsJ4S+

Score

10^/10

redline sectoprat discovery infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf.exe

Resource

win10v2004-20241007-en

redline sectoprat discovery infostealer rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes

auth_value
3f48b95855158031ae9e7dafcb203009

Targets

- Target
  
  JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf
- Size
  
  149KB
- MD5
  
  3f644c6df63687c4dd2dce14fb2f2caf
- SHA1
  
  174181e38b8a79b37e090c28bcd22a1527096810
- SHA256
  
  b3289635b42828dccce10e57b6fc40aad6b9369c402dc97724137efc7c65dc35
- SHA512
  
  a1799ce4728a9f2ca4059c1401f754913c41ab204614ca4c8af7d35cbdd8288bb1f156d40bb322120872df0f97489cbbc6af65336d22512a0d643ef1e436a175
- SSDEEP
  
  3072:oVYWkvmsmG7KEn3e9tFY9CavuC1RkqVTsG246LY7pilc:oV+hjB3eS9E1qVTsJ4S+
Score

10^/10

redline sectoprat discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinesectopratdiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy