redline | d055158919303618dd79d0a6224de0fabbf28f7ab8daa9690b385e0b2b90a8d4 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...a9.exe

windows7-x64

1

JaffaCakes...a9.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_ea3740a493711372b2da51dffaff8ba9
Size

156KB
Sample

250110-wbdjzstlhn
MD5

ea3740a493711372b2da51dffaff8ba9
SHA1

9cc76f3cf22d6f6a2f5a8beeef680fa375bbbb13
SHA256

d055158919303618dd79d0a6224de0fabbf28f7ab8daa9690b385e0b2b90a8d4
SHA512

40102f647f583167b332561831369de5c73e6b4e6a29991baca59d859daed05ce209eba59bf74cc9b80cb8033a9c041f25e2154dcc43f75d4fab1932be780ce5
SSDEEP

3072:T4WHLrhFy/MgFR5FtZhQOnBJHfSY/vbywd3qFqNyoP6cH+N4KhzKV:T9HLrkPTDHBJHfSY7F3soCTa7

Score

10^/10

redline sectoprat discovery infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_ea3740a493711372b2da51dffaff8ba9.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_ea3740a493711372b2da51dffaff8ba9.exe

Resource

win10v2004-20241007-en

redline sectoprat discovery infostealer rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes

auth_value
3f48b95855158031ae9e7dafcb203009

Targets

- Target
  
  JaffaCakes118_ea3740a493711372b2da51dffaff8ba9
- Size
  
  156KB
- MD5
  
  ea3740a493711372b2da51dffaff8ba9
- SHA1
  
  9cc76f3cf22d6f6a2f5a8beeef680fa375bbbb13
- SHA256
  
  d055158919303618dd79d0a6224de0fabbf28f7ab8daa9690b385e0b2b90a8d4
- SHA512
  
  40102f647f583167b332561831369de5c73e6b4e6a29991baca59d859daed05ce209eba59bf74cc9b80cb8033a9c041f25e2154dcc43f75d4fab1932be780ce5
- SSDEEP
  
  3072:T4WHLrhFy/MgFR5FtZhQOnBJHfSY/vbywd3qFqNyoP6cH+N4KhzKV:T9HLrkPTDHBJHfSY7F3soCTa7
Score

10^/10

redline sectoprat discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinesectopratdiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy