General

  • Target

    2fec851c3add3e7a3d1eba5a947de389ae49519c350ece746faed63370378612.zip

  • Size

    48KB

  • Sample

    250325-tprmnasmw8

  • MD5

    97b4c35f15605b06e4fd00091403684c

  • SHA1

    587ab22ea308c25cd321fb6c2f3e27dcf6a6979a

  • SHA256

    2fec851c3add3e7a3d1eba5a947de389ae49519c350ece746faed63370378612

  • SHA512

    13d587104f9c2723ca4b30eeb2cafd8451b30445ed9d6f984dcb0e56b908e9e5ddbd5f2a403632aa09fe57b671de0f39f16039545e375848593230b6058b50d5

  • SSDEEP

    768:IRd7QB4TiBZp28v+t55sVmci1V51S3AJF8/eG5oSilhzeWfnX71sy9clViH:8u7Zp28vw1n1VHIAsL3wX7nulUH

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Targets

    • Target

      2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19.exe

    • Size

      118KB

    • MD5

      f0f9a9448f7a0494d9bf6e11694bfce0

    • SHA1

      e3d5c8af3b294813b562fead751cc5c2f5c8a51c

    • SHA256

      2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19

    • SHA512

      6e65ca507544ffe889020f61f1020aac0c3d2569985bb740ecfdbaae1c46ffaa0540dd19ca9a7a07ad31c0a743e5bb49f94cedaf585e2cccd0cecf02b7516f02

    • SSDEEP

      3072:BKrmz3BY8es6F0WtZkeMMMMMMMMMMMMMMMMMMMMM7eMMMMMMMMMMMMMMMMMMMMMj:BK18StIexyaCv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks
