redline

General

Target

JaffaCakes118_bfe9a386eb32f475de892c11461c27f9
Size

1.1MB
Sample

250105-1y283szkfk
MD5

bfe9a386eb32f475de892c11461c27f9
SHA1

96f2628f347ad7227bc71f841a81c58981f671e3
SHA256

aa6824d7556f502756865c7ba66061b8b20027671e8669599a4428c78d542de4
SHA512

c81c3a428597b061672fb6a9ea458a429b5957c091c1301c5c3cf7629361dc54e439a7cb8abcc31bdc15192b31329c1e5d6a7364d7be8d95260cdab4cda6305d
SSDEEP

24576:clJFTGWWLQ7ns9A7bafDkjX/805FV98jvesTDyXqVx2Rv55cKNhZGa:clJBGW+QT8AIkjP9jVCuXigZcSh

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@IvanNotDie

C2

141.94.112.3:11722

Targets

- Target
  
  JaffaCakes118_bfe9a386eb32f475de892c11461c27f9
- Size
  
  1.1MB
- MD5
  
  bfe9a386eb32f475de892c11461c27f9
- SHA1
  
  96f2628f347ad7227bc71f841a81c58981f671e3
- SHA256
  
  aa6824d7556f502756865c7ba66061b8b20027671e8669599a4428c78d542de4
- SHA512
  
  c81c3a428597b061672fb6a9ea458a429b5957c091c1301c5c3cf7629361dc54e439a7cb8abcc31bdc15192b31329c1e5d6a7364d7be8d95260cdab4cda6305d
- SSDEEP
  
  24576:clJFTGWWLQ7ns9A7bafDkjX/805FV98jvesTDyXqVx2Rv55cKNhZGa:clJBGW+QT8AIkjP9jVCuXigZcSh
Score

10^/10

redline sectoprat @ivannotdie discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2