redline

General

Target

JaffaCakes118_7bc234de5adba4aeabfa8adfa0943c2b
Size

422KB
Sample

250107-1y43nsspfq
MD5

7bc234de5adba4aeabfa8adfa0943c2b
SHA1

269f7775c7c689a5a8ed9a4bf98ecd10abf2510d
SHA256

0e29d108cf531ab1eadd49edb2d4e432497fddf6eb852c604647588245674b9c
SHA512

34ad92d976f6912b480f4ff29af772e98d3237b8d789ff2edcaf66944593807a3e89ae74238a82ba3df6d8f509006381af97438484f45de60975d5028289bc7c
SSDEEP

6144:ZChhlSEK+iEdvpbOC7dsKpCwDTaBKx2BP:4hhlSEK+iEdvpbOC7dsKpCwDTaBKwBP

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

ROBLOX_HACK_BY_RUBIKON24

C2

185.215.113.71:16254

Attributes

auth_value
38b425e6d36d640ba20ef1488613e806

Targets

- Target
  
  JaffaCakes118_7bc234de5adba4aeabfa8adfa0943c2b
- Size
  
  422KB
- MD5
  
  7bc234de5adba4aeabfa8adfa0943c2b
- SHA1
  
  269f7775c7c689a5a8ed9a4bf98ecd10abf2510d
- SHA256
  
  0e29d108cf531ab1eadd49edb2d4e432497fddf6eb852c604647588245674b9c
- SHA512
  
  34ad92d976f6912b480f4ff29af772e98d3237b8d789ff2edcaf66944593807a3e89ae74238a82ba3df6d8f509006381af97438484f45de60975d5028289bc7c
- SSDEEP
  
  6144:ZChhlSEK+iEdvpbOC7dsKpCwDTaBKx2BP:4hhlSEK+iEdvpbOC7dsKpCwDTaBKwBP
Score

10^/10

redline sectoprat roblox_hack_by_rubikon24 discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2