redline | 2d8a45f0de92aeb5fc5495c2df0072a00e4d2215b0b2c1ccfd1580d752e32f27 | Triage

Submit
Reports

Overview

overview

Static

static

3

41ece00a8f...96.exe

windows7-x64

41ece00a8f...96.exe

windows10-2004-x64

Sharing

General

Target

41ece00a8f6eb23dc9b2c4e839264896.exe
Size

590KB
Sample

250324-wjer1sxk16
MD5

41ece00a8f6eb23dc9b2c4e839264896
SHA1

019af05aedb454d15f193713fef31524cfab6e6d
SHA256

2d8a45f0de92aeb5fc5495c2df0072a00e4d2215b0b2c1ccfd1580d752e32f27
SHA512

6575ec2bee5e4389050b115dfdc7c0d4cae780fdd5d24478981b0c4caa79c31751be6d3ce7655fd6ca5769fcebad90072c31971d0f697ca924ba431951bf7290
SSDEEP

12288:WQAvPbfo3cZiJDYH3T2iOltmr7VUdNsf3z6mvNg8tytefqLTf1:OvPbxZ6DOFo0rebsP7vNg9teyTd

Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

41ece00a8f6eb23dc9b2c4e839264896.exe

Resource

win7-20240903-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

41ece00a8f6eb23dc9b2c4e839264896.exe

Resource

win10v2004-20250314-en

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.57.71:55615

Targets

- Target
  
  41ece00a8f6eb23dc9b2c4e839264896.exe
- Size
  
  590KB
- MD5
  
  41ece00a8f6eb23dc9b2c4e839264896
- SHA1
  
  019af05aedb454d15f193713fef31524cfab6e6d
- SHA256
  
  2d8a45f0de92aeb5fc5495c2df0072a00e4d2215b0b2c1ccfd1580d752e32f27
- SHA512
  
  6575ec2bee5e4389050b115dfdc7c0d4cae780fdd5d24478981b0c4caa79c31751be6d3ce7655fd6ca5769fcebad90072c31971d0f697ca924ba431951bf7290
- SSDEEP
  
  12288:WQAvPbfo3cZiJDYH3T2iOltmr7VUdNsf3z6mvNg8tytefqLTf1:OvPbxZ6DOFo0rebsP7vNg9teyTd
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy