redline

General

Target

JaffaCakes118_6e243a2e73e401b08defb7b9deaa3e64
Size

384KB
Sample

250103-vm73asxkhm
MD5

6e243a2e73e401b08defb7b9deaa3e64
SHA1

765002a27c2fb7c2808a6e5283ea6317e938d0f1
SHA256

fea992c752a12aaabf930103550cdf03dc9a97079211cb8e7f9e345c73eae4df
SHA512

56888a27023bed4768b46531394e71a1c14eab8e985bfd40a9f84960af9b17eb6fd9e7c712ffa3c1063b698dc1a5033b55d9757292c7b72c345f8949fb1a1348
SSDEEP

12288:Ow2u8w4nZ9G8+eaDCPzePnb+/xStUEKI:R8Vn+8+JDRTwx

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

part1

C2

45.9.20.107:46187

Attributes

auth_value
60c75f1e2d31f6bac6dd7edad67d8615

Targets

- Target
  
  JaffaCakes118_6e243a2e73e401b08defb7b9deaa3e64
- Size
  
  384KB
- MD5
  
  6e243a2e73e401b08defb7b9deaa3e64
- SHA1
  
  765002a27c2fb7c2808a6e5283ea6317e938d0f1
- SHA256
  
  fea992c752a12aaabf930103550cdf03dc9a97079211cb8e7f9e345c73eae4df
- SHA512
  
  56888a27023bed4768b46531394e71a1c14eab8e985bfd40a9f84960af9b17eb6fd9e7c712ffa3c1063b698dc1a5033b55d9757292c7b72c345f8949fb1a1348
- SSDEEP
  
  12288:Ow2u8w4nZ9G8+eaDCPzePnb+/xStUEKI:R8Vn+8+JDRTwx
Score

10^/10

redline sectoprat part1 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2