redline | 2d97f9172f4ca5cc797189f727b04f4766cbf7141ea10ae32a76cd7fe3170102 | Triage

Submit
Reports

Overview

overview

Static

static

3

Pictures.exe

windows7-x64

Pictures.exe

windows10-2004-x64

Sharing

General

Target

2d97f9172f4ca5cc797189f727b04f4766cbf7141ea10ae32a76cd7fe3170102
Size

693KB
Sample

250220-cap2vatpgk
MD5

374f8da083ce9e4a1ae01b2f53b89d3a
SHA1

d9d8957a0e8449bfd57ea5d25797faf30a582920
SHA256

2d97f9172f4ca5cc797189f727b04f4766cbf7141ea10ae32a76cd7fe3170102
SHA512

8e970420e75fe7f96759b4b749ea4e7d5c0043456823b2acb602ee00bd6b06227abc88577dac41c77b7f1e3e1513be7d02c2019944d405c9a59f29570c767d93
SSDEEP

12288:1Wi++I5SD94HIpZJRMKSuCs4ctQlCSLsQfIJDt9afnben:DnqHIkGFtQlCSL9wJDnavben

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Pictures.exe

Resource

win7-20240903-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Pictures.exe

Resource

win10v2004-20250217-en

redline sectoprat cheat discovery infostealer rat spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.44:55615

Targets

- Target
  
  Pictures.exe
- Size
  
  877KB
- MD5
  
  5fe61dbd19271b37f733be749530031f
- SHA1
  
  51e489aa4b73aac7c6116a3de0ad1e03fd0716c8
- SHA256
  
  ab82349ff6e283c364a3188708ac4d581782d072a9e9c04c8381fbd1bec4cfea
- SHA512
  
  dfa10f1e1620c9861ca6bb9b7f3b1aa82e3f41457b52f2d5273d1e4ce07df28ec429f4a1dc7b3c61892d9a404ea58b25926aaf0d58966d167180d615c908707e
- SSDEEP
  
  12288:yZFKLCVORpMn++jGNXzDn47MpFFjMKSucsiYJOlAStqwfGJD192hsilrUSX59:sOdxW7MOGtJOlAStHeJDv2qqUe9
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

© 2018-2025

Terms | Privacy