Overview

overview

10

Static

static

1

2024-10-23...re.zip

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-23-Redline-Stealer-malware.zip

  • Size

    1.0MB

  • Sample

    250121-sm4nrszran

  • MD5

    22199290893654e514654bc8dbaccdc1

  • SHA1

    8aa074632d3a3c02f6f7261bba5f8a8c0566e4eb

  • SHA256

    8c0653f6eb0d868609f7aad4f80f56fd34480b6d4feb29fd3aa27b1ad57fd2e9

  • SHA512

    34946b79c13fb347fa34a5fcbd2206daa518eb2fb6aa0c14978436fa143a0f065b139f23726f3f47ff0283c055e3de36bfd69a7a7033fe9df1b9566f8a265850

  • SSDEEP

    24576:N2+OMJPYJ9bXy8Mwl7GgzqWWacRuPht7HCj2SetZz/:NpXJPMXyyvrc4PT7uotZz/

Score
10/10
redlinesectopratpeediscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

pee

C2

188.190.10.10:55123

Targets

    • Target

      2024-10-23-Redline-Stealer-malware.zip

    • Size

      1.0MB

    • MD5

      22199290893654e514654bc8dbaccdc1

    • SHA1

      8aa074632d3a3c02f6f7261bba5f8a8c0566e4eb

    • SHA256

      8c0653f6eb0d868609f7aad4f80f56fd34480b6d4feb29fd3aa27b1ad57fd2e9

    • SHA512

      34946b79c13fb347fa34a5fcbd2206daa518eb2fb6aa0c14978436fa143a0f065b139f23726f3f47ff0283c055e3de36bfd69a7a7033fe9df1b9566f8a265850

    • SSDEEP

      24576:N2+OMJPYJ9bXy8Mwl7GgzqWWacRuPht7HCj2SetZz/:NpXJPMXyyvrc4PT7uotZz/

    Score
    10/10
    redlinesectopratpeediscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks