redline | c9ae7d325d8f08613bb8dff54d14591f4fbdd4f289509092b4fbb16c6b855d71 | Triage

Sharing

General

Target

Redline.zip
Size

15.0MB
Sample

250207-w4zb6askft
MD5

0f686985e788860aa57fd6c0394b31ac
SHA1

16a28142b90396bdec88b542856afc6a1d61de63
SHA256

c9ae7d325d8f08613bb8dff54d14591f4fbdd4f289509092b4fbb16c6b855d71
SHA512

42547b6a691c89ed58b8aa0bbd4e11b1c4411bd5291c10a8f575d5c2b8418fb2ed59f14a9838db3864468d751b396abbae0bf0389e407dc7c6e0013c47dfa036
SSDEEP

393216:Qo/GNMywpahzUACC3ubztEDnaYSH0DrmLMlvWqYiABvXpyVIqtR5R:Qo/GUCUAJ3uVmaiDr1Wln1ZyV/R5R

Score

10^/10

redline sectoprat discovery infostealer rat trojan

Malware Config

Targets

- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Drcrypter Forums.url
- Size
  
  177B
- MD5
  
  e81dc42ebc1188a370b40f571385e84e
- SHA1
  
  d416a5e3656d9e416836d549f6bb05f2a2520736
- SHA256
  
  bddb7ba8d41206c00df0a92735d4dd89b38e3e4358f4d5a5fc6ea94eb2a2da7e
- SHA512
  
  c66723b469aa66deca17a761540fb675b824627beb6c67be0c54ae96017e4364ec1c944cc7bb0c64a40ad9a2077e108eeef82242c8798705abb45882fd3f8b82
Score

1^/10
behavioral1 behavioral2
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/Drcrypter Forums.url
- Size
  
  177B
- MD5
  
  e81dc42ebc1188a370b40f571385e84e
- SHA1
  
  d416a5e3656d9e416836d549f6bb05f2a2520736
- SHA256
  
  bddb7ba8d41206c00df0a92735d4dd89b38e3e4358f4d5a5fc6ea94eb2a2da7e
- SHA512
  
  c66723b469aa66deca17a761540fb675b824627beb6c67be0c54ae96017e4364ec1c944cc7bb0c64a40ad9a2077e108eeef82242c8798705abb45882fd3f8b82
Score

1^/10
behavioral3 behavioral4
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/Kurome.Builder.exe
- Size
  
  137KB
- MD5
  
  cf38a4bde3fe5456dcaf2b28d3bfb709
- SHA1
  
  711518af5fa13f921f3273935510627280730543
- SHA256
  
  c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e
- SHA512
  
  3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc
- SSDEEP
  
  3072:abrwd8T7vH96NLS+ld4qRdxtiZQRWkmVnt749m3DIo9O:aH3TLH96NLS+n46dxICRcVntX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/Mono.Cecil.Mdb.dll
- Size
  
  42KB
- MD5
  
  1c6aca0f1b1fa1661fc1e43c79334f7c
- SHA1
  
  ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d
- SHA256
  
  411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b
- SHA512
  
  1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76
- SSDEEP
  
  768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS
Score

1^/10
behavioral7 behavioral8
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/Mono.Cecil.Pdb.dll
- Size
  
  87KB
- MD5
  
  6d5eb860c2be5dbeb470e7d3f3e7dda4
- SHA1
  
  80c76660b87c52127b1a7da48e27700f75362041
- SHA256
  
  447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4
- SHA512
  
  64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5
- SSDEEP
  
  1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO
Score

1^/10
behavioral10 behavioral9
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/Mono.Cecil.Rocks.dll
- Size
  
  27KB
- MD5
  
  6e7f0f4fff6c49e3f66127c23b7f1a53
- SHA1
  
  14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a
- SHA256
  
  2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e
- SHA512
  
  0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e
- SSDEEP
  
  384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd
Score

1^/10
behavioral11 behavioral12
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/Mono.Cecil.dll
- Size
  
  350KB
- MD5
  
  de69bb29d6a9dfb615a90df3580d63b1
- SHA1
  
  74446b4dcc146ce61e5216bf7efac186adf7849b
- SHA256
  
  f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
- SHA512
  
  6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015
- SSDEEP
  
  6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD
Score

1^/10
behavioral13 behavioral14
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Builder/stub.dll
- Size
  
  96KB
- MD5
  
  625ed01fd1f2dc43b3c2492956fddc68
- SHA1
  
  48461ef33711d0080d7c520f79a0ec540bda6254
- SHA256
  
  6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b
- SHA512
  
  1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665
- SSDEEP
  
  1536:9G6ijoigzKqO1RUTBHQsu/0igR4vYVVlmbfaxv0ujXyyedOn4iwEEl:BSElHQ/ORUYos0ujyzdZl
Score

10^/10

redline sectoprat discovery infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
behavioral15 behavioral16
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Host/Drcrypter Forums.url
- Size
  
  177B
- MD5
  
  e81dc42ebc1188a370b40f571385e84e
- SHA1
  
  d416a5e3656d9e416836d549f6bb05f2a2520736
- SHA256
  
  bddb7ba8d41206c00df0a92735d4dd89b38e3e4358f4d5a5fc6ea94eb2a2da7e
- SHA512
  
  c66723b469aa66deca17a761540fb675b824627beb6c67be0c54ae96017e4364ec1c944cc7bb0c64a40ad9a2077e108eeef82242c8798705abb45882fd3f8b82
Score

1^/10
behavioral17 behavioral18
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Host/Kurome.Host.exe
- Size
  
  119KB
- MD5
  
  4fde0f80c408af27a8d3ddeffea12251
- SHA1
  
  e834291127af150ce287443c5ea607a7ae337484
- SHA256
  
  1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
- SHA512
  
  3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5
- SSDEEP
  
  3072:KEdjrOO8+K46SgVE+mxzqT67iLRi/Gj81GUpYb:KjQjgPmxzq27iLRiuAPp
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Host/Kurome.WCF.dll
- Size
  
  123KB
- MD5
  
  e3d39e30e0cdb76a939905da91fe72c8
- SHA1
  
  433fc7dc929380625c8a6077d3a697e22db8ed14
- SHA256
  
  4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74
- SHA512
  
  9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8
- SSDEEP
  
  3072:9mWO8dR1mB5UzPU7vdTm8pLetBD0PQbP1:g2dL8ewbJnpBe
Score

1^/10
behavioral21 behavioral22
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Loader/Drcrypter Forums.url
- Size
  
  177B
- MD5
  
  e81dc42ebc1188a370b40f571385e84e
- SHA1
  
  d416a5e3656d9e416836d549f6bb05f2a2520736
- SHA256
  
  bddb7ba8d41206c00df0a92735d4dd89b38e3e4358f4d5a5fc6ea94eb2a2da7e
- SHA512
  
  c66723b469aa66deca17a761540fb675b824627beb6c67be0c54ae96017e4364ec1c944cc7bb0c64a40ad9a2077e108eeef82242c8798705abb45882fd3f8b82
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Kurome.Loader/Kurome.Loader.exe
- Size
  
  2.2MB
- MD5
  
  a3ec05d5872f45528bbd05aeecf0a4ba
- SHA1
  
  68486279c63457b0579d86cd44dd65279f22d36f
- SHA256
  
  d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
- SHA512
  
  b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
- SSDEEP
  
  49152:KSmo0SdsEoRykUuulqasMwMcdZa9FHeXXGFr3sylP2/BQ7MWV:lm7UQRyksl9cXwFHeX2t8y21
Score

4^/10

discovery
behavioral25 behavioral26
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Panel/Drcrypter Forums.url
- Size
  
  177B
- MD5
  
  e81dc42ebc1188a370b40f571385e84e
- SHA1
  
  d416a5e3656d9e416836d549f6bb05f2a2520736
- SHA256
  
  bddb7ba8d41206c00df0a92735d4dd89b38e3e4358f4d5a5fc6ea94eb2a2da7e
- SHA512
  
  c66723b469aa66deca17a761540fb675b824627beb6c67be0c54ae96017e4364ec1c944cc7bb0c64a40ad9a2077e108eeef82242c8798705abb45882fd3f8b82
Score

1^/10
behavioral27 behavioral28
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Panel/RedLine_20_2/FAQ (English).docx
- Size
  
  30KB
- MD5
  
  a973ea85439ddfe86379d47e19da4dca
- SHA1
  
  78f60711360ddd46849d128e7a5d1b68b1d43f9f
- SHA256
  
  c197833a3fd69e98fbf2b02e9da232ff2867e1e684d420fd3975188c0e0e202b
- SHA512
  
  4a3fad33cccb15ea2d98bc30141744ba6709afec52d429ac0916aa656f4b611fdeda4b37812f0a72b90de000fc5c0f95bb445e5df67fc4ba6f93de5ce55df510
- SSDEEP
  
  768:oi87zWNuZn3IZElFoL+goT2Ir9259IQ+409:oi8mQnXFoigoRr9aIvX9
Score

4^/10

discovery
behavioral29 behavioral30
- Target
  
  Redline-Botnet-_ed--drcrypter.ru-/Redline Botnet Cracked [drcrypter.ru]/Panel/RedLine_20_2/FAQ(RUS).docx
- Size
  
  51KB
- MD5
  
  aa9534a22d08fb17b6c50164ca226aba
- SHA1
  
  9d68e6e4b0ea3c41ad7f70733dc53628962765ce
- SHA256
  
  e3f9590d0a28e8f17d40f9a5a5489a963c6d5e722a324adf0d1d666ea424c89f
- SHA512
  
  a4290cf0f3ecbb25078a0d3f870ed6abcab83d831e107f59730cf5fbdbc0268ac831d8f31f18a08794e27e51ba302ecb5bdd4bac85f3887844ed881c363bb8b9
- SSDEEP
  
  1536:YmF2FkS3yM0Yj3ePetyogAcLrANZLI3dakgXeV:YNFkGem74Lr+k3v7V
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

redlinesectoprat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

redlinesectopratdiscoveryinfostealerrattrojan

behavioral16

redlinesectopratdiscoveryinfostealerrattrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32