redline | b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec | Triage

Submit
Reports

Overview

overview

Static

static

7

901a623dbc...14.exe

windows7-x64

901a623dbc...14.exe

windows10-2004-x64

Sharing

General

Target

901a623dbccaa22525373cd36195ee14.exe
Size

629KB
Sample

240624-tvtdfavdjp
MD5

901a623dbccaa22525373cd36195ee14
SHA1

9adb6dddb68cd7e116da9392e7ee63a8fa394495
SHA256

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
SHA512

eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d
SSDEEP

12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y

Score

10^/10

redline sectoprat wordfile infostealer rat spyware trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

901a623dbccaa22525373cd36195ee14.exe

Resource

win7-20240220-en

redline sectoprat wordfile infostealer rat spyware trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

901a623dbccaa22525373cd36195ee14.exe

Resource

win10v2004-20240611-en

redline sectoprat wordfile infostealer rat spyware trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

wordfile

C2

185.38.142.10:7474

Targets

- Target
  
  901a623dbccaa22525373cd36195ee14.exe
- Size
  
  629KB
- MD5
  
  901a623dbccaa22525373cd36195ee14
- SHA1
  
  9adb6dddb68cd7e116da9392e7ee63a8fa394495
- SHA256
  
  b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
- SHA512
  
  eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d
- SSDEEP
  
  12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y
Score

10^/10

redline sectoprat wordfile infostealer rat spyware trojan upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratwordfileinfostealerratspywaretrojanupx

behavioral2

redlinesectopratwordfileinfostealerratspywaretrojanupx

© 2018-2024

Terms | Privacy