redline

General

Target

JaffaCakes118_09b940b1ca2f7a46289f8f06ac95f873
Size

4.6MB
Sample

241231-hrzv9stkcv
MD5

09b940b1ca2f7a46289f8f06ac95f873
SHA1

99659a326ac5502f2673623930daa27358bab499
SHA256

7846f36f1ae5ad0c7347c9a429f189fb93e004211bd2b54a930eb6a0eda46134
SHA512

d5eca922276a94440e7d496c69a7839b1530a4d25487b3ffcce6c6e04184ff483a7efa96250f89aedea565ebd1f8e3e6dc358d3410fb2863b80e9259460c786c
SSDEEP

98304:ZLvCtY2fD/NQGYkihGeAUdxL4PKdfWs8fJmj0NeRz40ahRSKyU4:MvfD1NBikvcxyKdl8f0j0eJahc

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@tvoiya_sydba

C2

185.209.22.181:34925

Attributes

auth_value
5a0918bd3e8ede8e02c8dd9d106a996d

Targets

- Target
  
  JaffaCakes118_09b940b1ca2f7a46289f8f06ac95f873
- Size
  
  4.6MB
- MD5
  
  09b940b1ca2f7a46289f8f06ac95f873
- SHA1
  
  99659a326ac5502f2673623930daa27358bab499
- SHA256
  
  7846f36f1ae5ad0c7347c9a429f189fb93e004211bd2b54a930eb6a0eda46134
- SHA512
  
  d5eca922276a94440e7d496c69a7839b1530a4d25487b3ffcce6c6e04184ff483a7efa96250f89aedea565ebd1f8e3e6dc358d3410fb2863b80e9259460c786c
- SSDEEP
  
  98304:ZLvCtY2fD/NQGYkihGeAUdxL4PKdfWs8fJmj0NeRz40ahRSKyU4:MvfD1NBikvcxyKdl8f0j0eJahc
Score

10^/10

redline sectoprat @tvoiya_sydba discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2