redline | dff98fa2ef4c751903606f1748844898a8254e799ae572725c64d9ebdba7a28c | Triage

Submit
Reports

Overview

overview

Static

static

c5d9fd491b...88.exe

windows7-x64

c5d9fd491b...88.exe

windows10-2004-x64

Sharing

General

Target

c5d9fd491bc842c805fc0503f56cba88.exe
Size

95KB
Sample

250126-wlvw1syld1
MD5

c5d9fd491bc842c805fc0503f56cba88
SHA1

41b5de0eb29bf849149267b0a58d851eaaf86e36
SHA256

dff98fa2ef4c751903606f1748844898a8254e799ae572725c64d9ebdba7a28c
SHA512

b395f06d01e930975889a38927325270993d915da4ec346d0763a17601fb027b0126090a0e6c64ca234c53ee2e4ae85a8b82e1e7a9d14eea7945e8a10c0c5e31
SSDEEP

1536:Bqs+FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed2ItmulgS6pUl:veRclyY7+zi0ZbYe1g0ujyzdEU

Score

10^/10

redline sectoprat hwidspoofer discovery infostealer rat spyware stealer trojan

Static task

static1

hwidspoofer redline sectoprat

5 signatures

Behavioral task

behavioral1

Sample

c5d9fd491bc842c805fc0503f56cba88.exe

Resource

win7-20240729-en

redline sectoprat hwidspoofer discovery infostealer rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c5d9fd491bc842c805fc0503f56cba88.exe

Resource

win10v2004-20241007-en

redline sectoprat hwidspoofer discovery infostealer rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

hwidspoofer

C2

51.89.201.52:47142

Targets

- Target
  
  c5d9fd491bc842c805fc0503f56cba88.exe
- Size
  
  95KB
- MD5
  
  c5d9fd491bc842c805fc0503f56cba88
- SHA1
  
  41b5de0eb29bf849149267b0a58d851eaaf86e36
- SHA256
  
  dff98fa2ef4c751903606f1748844898a8254e799ae572725c64d9ebdba7a28c
- SHA512
  
  b395f06d01e930975889a38927325270993d915da4ec346d0763a17601fb027b0126090a0e6c64ca234c53ee2e4ae85a8b82e1e7a9d14eea7945e8a10c0c5e31
- SSDEEP
  
  1536:Bqs+FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed2ItmulgS6pUl:veRclyY7+zi0ZbYe1g0ujyzdEU
Score

10^/10

redline sectoprat hwidspoofer discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

hwidspooferredlinesectoprat

behavioral1

redlinesectoprathwidspooferdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectoprathwidspooferdiscoveryinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy