redline | 72ef04b633c90ce77442104498f7b667e6bcf0deee9c837beb54d8d3bb3503e0 | Triage

Submit
Reports

Overview

overview

Static

static

3

014b2ca1f9...31.exe

windows7-x64

014b2ca1f9...31.exe

windows10-2004-x64

Sharing

General

Target

014b2ca1f9e6ad821c1a384b9d384f31.exe
Size

998KB
Sample

250222-ve9wxswky8
MD5

014b2ca1f9e6ad821c1a384b9d384f31
SHA1

fca0ae3b21d561c530c5a52af19150100b2e0a6c
SHA256

72ef04b633c90ce77442104498f7b667e6bcf0deee9c837beb54d8d3bb3503e0
SHA512

26cc6baa0654d7294df5a25f67d36d66ac7f918de9e3b92476170182ba64d9a5194a710aff90b642f0c0c7d8b1f9e0030814014f1372c85016bbcfeb18d97dfe
SSDEEP

12288:v6jb6G5xtiI95yS+c57boNna6xg20t4ham0gX:v05xt9E3nakiW

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

014b2ca1f9e6ad821c1a384b9d384f31.exe

Resource

win7-20240903-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

014b2ca1f9e6ad821c1a384b9d384f31.exe

Resource

win10v2004-20250217-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.250:55615

Targets

- Target
  
  014b2ca1f9e6ad821c1a384b9d384f31.exe
- Size
  
  998KB
- MD5
  
  014b2ca1f9e6ad821c1a384b9d384f31
- SHA1
  
  fca0ae3b21d561c530c5a52af19150100b2e0a6c
- SHA256
  
  72ef04b633c90ce77442104498f7b667e6bcf0deee9c837beb54d8d3bb3503e0
- SHA512
  
  26cc6baa0654d7294df5a25f67d36d66ac7f918de9e3b92476170182ba64d9a5194a710aff90b642f0c0c7d8b1f9e0030814014f1372c85016bbcfeb18d97dfe
- SSDEEP
  
  12288:v6jb6G5xtiI95yS+c57boNna6xg20t4ham0gX:v05xt9E3nakiW
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy