redline | f37c28f29f9ebba6ff413931a169d1e8979c1cf321ae4dc9521769b3c3bda4c4 | Triage

Submit
Reports

Overview

overview

Static

static

3

88b889a147...73.exe

windows7-x64

88b889a147...73.exe

windows10-2004-x64

Sharing

General

Target

15f948da0e0786ee883bc9714ee6b47a.bin
Size

710KB
Sample

240616-bgn8fswhjr
MD5

19ca200f76382d4e64ae151332824899
SHA1

bd35faf0493a2212aeec9110da7d6d5cea08b764
SHA256

f37c28f29f9ebba6ff413931a169d1e8979c1cf321ae4dc9521769b3c3bda4c4
SHA512

22ae2011231d8d0f50b9bc92b1d80b6607e2ea4f1c7394d01830c3ac112d5acde42faabfc68002d43fe386c8439d0d4dccef1e7cc06e65de0d3aa6df5379fcfa
SSDEEP

12288:l4svvlgD63kcwR4CsDnoJymXCRtgUJuyZ7+HT8Y+3EfjxHnhOIYtIexhAdrJVa/4:PSe3XwR4Cbk3RiaYHYY+3EdhZcxhI2J6

Score

10^/10

redline sectoprat cheat execution infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573.exe

Resource

win7-20240220-en

redline sectoprat cheat execution infostealer rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573.exe

Resource

win10v2004-20240611-en

redline sectoprat cheat execution infostealer rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.137.22.68:55615

Targets

- Target
  
  88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573.exe
- Size
  
  809KB
- MD5
  
  15f948da0e0786ee883bc9714ee6b47a
- SHA1
  
  13d0747a12ce2783ac3a1d225d760cd5b2ed1aa1
- SHA256
  
  88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573
- SHA512
  
  006913022a08797087c1a47e89f1fba3beef5eb7f925631d507e841f361b56fe7dbefa1a1a60c0f5542742ad71c0b142ab5f4d280bfd9bc50bf5f7018c6bb31e
- SSDEEP
  
  24576:aJr8tE+sQJRRGM3sU+7sdCGNcArcotgiko7ehxaFpmx9:aJ4LP1MsdV5c+g5OiaFM/
Score

10^/10

redline sectoprat cheat execution infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratcheatexecutioninfostealerrattrojan

behavioral2

redlinesectopratcheatexecutioninfostealerrattrojan

© 2018-2024

Terms | Privacy