redline | 6c35facea27417051d4ffccbffd9a353ce00b548b50944d3ef4a246298c037f1 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...c1.exe

windows7-x64

JaffaCakes...c1.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_eacbae9bdaa559182cf794986c6a10c1
Size

396KB
Sample

250110-wvyz2a1qhy
MD5

eacbae9bdaa559182cf794986c6a10c1
SHA1

6943b0ec8e128dd473010269b50b494b2cea1401
SHA256

6c35facea27417051d4ffccbffd9a353ce00b548b50944d3ef4a246298c037f1
SHA512

205b8b8c25ee6cab96a435bc4b9d4eb785c6824cf45ad6bb8d5d851f9dbd43afd313ed029c762a30559d4cdabba49a797ce48778e0fb312e91a479a238459bed
SSDEEP

6144:olHxrJ4N/xM5UKJmIf3OTCU+cENbB30A4PzE:IpJUskIm2PBz

Score

10^/10

redline sectoprat wincode discovery infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_eacbae9bdaa559182cf794986c6a10c1.exe

Resource

win7-20240903-en

redline sectoprat wincode discovery infostealer rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_eacbae9bdaa559182cf794986c6a10c1.exe

Resource

win10v2004-20241007-en

redline sectoprat wincode discovery infostealer rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

wincode

C2

4life.longmusic.com:6640

Targets

- Target
  
  JaffaCakes118_eacbae9bdaa559182cf794986c6a10c1
- Size
  
  396KB
- MD5
  
  eacbae9bdaa559182cf794986c6a10c1
- SHA1
  
  6943b0ec8e128dd473010269b50b494b2cea1401
- SHA256
  
  6c35facea27417051d4ffccbffd9a353ce00b548b50944d3ef4a246298c037f1
- SHA512
  
  205b8b8c25ee6cab96a435bc4b9d4eb785c6824cf45ad6bb8d5d851f9dbd43afd313ed029c762a30559d4cdabba49a797ce48778e0fb312e91a479a238459bed
- SSDEEP
  
  6144:olHxrJ4N/xM5UKJmIf3OTCU+cENbB30A4PzE:IpJUskIm2PBz
Score

10^/10

redline sectoprat wincode discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratwincodediscoveryinfostealerrattrojan

behavioral2

redlinesectopratwincodediscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy