redline

Resubmissions

31/03/2025, 15:09

250331-sjekgavmw8 10

31/03/2025, 09:21

250331-lbfn8swvdy 10

Sharing

Copy URL

Twitter E-mail

General

Target

dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
Size

492KB
Sample

250331-sjekgavmw8
MD5

c929640b0e7a2874f73fe565aa65dc2e
SHA1

7dd1e7802aaa73808e6929281ef758bc1b4917c9
SHA256

dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
SHA512

e1edbd1277de0229bffa364107a4e50127ed65c342663ab0cdc28f2760d44b3e370d6a264dbeb54a7f7f072f2c239aa436fc3d0d6841acf10631378be7d5f799
SSDEEP

6144:tiNMmZK9n9qvkXMupslTWk+3P9ATlp3VnkAa1nbeCGh+SoXPFVhwalx1S6uS7N+R:tuMkmQvkfslKk4olp3dkbeLh+r1Eiydf

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

cheat

45.137.22.105:55615

Targets

- Target
  
  dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
- Size
  
  492KB
- MD5
  
  c929640b0e7a2874f73fe565aa65dc2e
- SHA1
  
  7dd1e7802aaa73808e6929281ef758bc1b4917c9
- SHA256
  
  dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
- SHA512
  
  e1edbd1277de0229bffa364107a4e50127ed65c342663ab0cdc28f2760d44b3e370d6a264dbeb54a7f7f072f2c239aa436fc3d0d6841acf10631378be7d5f799
- SSDEEP
  
  6144:tiNMmZK9n9qvkXMupslTWk+3P9ATlp3VnkAa1nbeCGh+SoXPFVhwalx1S6uS7N+R:tuMkmQvkfslKk4olp3dkbeLh+r1Eiydf
Score

3^/10

discovery
behavioral1 behavioral10 behavioral11 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  SAMPLE PICTURES.exe
- Size
  
  585KB
- MD5
  
  f62a95ab467661683d70271eecd84dfc
- SHA1
  
  9a5a922ccbb24a62e9bf56445febd15b5c8c86d7
- SHA256
  
  3f83cef30d4248da1845b186eecd318462279200f8f3aa99a272ae8b41f7836c
- SHA512
  
  2959c899b2f28858cd3d7841c960797d6f0035df1d166574c2f7e26012bf01151073c9115082595e5f58bb1e313f22da8e9d75a2b9e6310895bac6549decf18e
- SSDEEP
  
  12288:/vtLlZ7sluuswl7q4lyze3h+141K4tAd:ntklzF5yyx+1oHKd
Score

10^/10

redline sectoprat cheat discovery execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral12 behavioral13 behavioral14 behavioral15 behavioral16 behavioral17 behavioral18 behavioral19 behavioral20 behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22