redline | 1b63fbc4851c8ecd70f7311f0e7b91b96f07b54ffdaa7a6a83ec0ddb15356b96 | Triage

Submit
Reports

Overview

overview

Static

static

21e4c68118...59.exe

windows7-x64

21e4c68118...59.exe

windows10-2004-x64

Sharing

General

Target

f0c6f971c7f14c03d37f035434567fb5.bin
Size

43KB
Sample

250103-b913qavjc1
MD5

a9c0ebcce3e7ef32a69593c35480d922
SHA1

e93a91278740f8b0f21fd23015f0dce8553bed24
SHA256

1b63fbc4851c8ecd70f7311f0e7b91b96f07b54ffdaa7a6a83ec0ddb15356b96
SHA512

5d6cd8302bb30996faf0701f59fd4a456cd23cfa529a7205bcd40f87e85c57c8a05c13a1700574f14f4f84b6066b4655757bc5c353ccbad6351a3c916970a044
SSDEEP

768:VZuvRfJGYsPxNQ9kaxTlC+9ed32FrrmrX/zB7wq135sh5Rj0SBzu+x/:iJxGY+NbaxTwR32Fvevz9wqIYSBzp

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

cheat redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

21e4c68118505da33246b093c06fed75cc049c785db86ef79950fff50c206f59.exe

Resource

win7-20240903-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

21e4c68118505da33246b093c06fed75cc049c785db86ef79950fff50c206f59.exe

Resource

win10v2004-20241007-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

154.91.34.250:14555

Targets

- Target
  
  21e4c68118505da33246b093c06fed75cc049c785db86ef79950fff50c206f59.exe
- Size
  
  95KB
- MD5
  
  f0c6f971c7f14c03d37f035434567fb5
- SHA1
  
  96f7e647d2885f8eb92cb8ad56396bfce9562118
- SHA256
  
  21e4c68118505da33246b093c06fed75cc049c785db86ef79950fff50c206f59
- SHA512
  
  6fd2d11935752e3b1ee9ae1b948ddcf1d45650fe12d504fa06ae1b45f4209d65153b258b2317fe36a08aa87187ede49bc2b6c12e28a1670b9cf083ba9e4cd0aa
- SSDEEP
  
  1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2y3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdUY
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

cheatredlinesectoprat

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy