redline | ef25a68f3430e16599cbe37b7d50c8319b7a62730f151ea1a2750f355e729278 | Triage

Submit
Reports

Overview

overview

Static

static

7

b5e250a950...ec.exe

windows7-x64

b5e250a950...ec.exe

windows10-2004-x64

Sharing

General

Target

901a623dbccaa22525373cd36195ee14.bin
Size

538KB
Sample

240626-ddj6fatcnr
MD5

e2a13e5eb5232d395228259d80e10ee1
SHA1

c052f4a2b96c48249cb8b9737d53a66815c7811b
SHA256

ef25a68f3430e16599cbe37b7d50c8319b7a62730f151ea1a2750f355e729278
SHA512

499e255cff7eef77d847d920668aa29618673e39a2b7ab860b3d6d62c939dd1aaa1cd322afe280109e1478ef7319c3c327c57f9b2a36b0c8ce172df2e8f4cb07
SSDEEP

12288:ZChkOgWVUOH5EV9WH3uMNkdUragQkC5Q/46V4cG/l3y:ZmV7HE2FkdKL1C5QnYVy

Score

10^/10

redline sectoprat wordfile infostealer rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec.exe

Resource

win7-20240508-en

redline sectoprat wordfile infostealer rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec.exe

Resource

win10v2004-20240508-en

redline sectoprat wordfile infostealer rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

wordfile

C2

185.38.142.10:7474

Targets

- Target
  
  b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec.exe
- Size
  
  629KB
- MD5
  
  901a623dbccaa22525373cd36195ee14
- SHA1
  
  9adb6dddb68cd7e116da9392e7ee63a8fa394495
- SHA256
  
  b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
- SHA512
  
  eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d
- SSDEEP
  
  12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y
Score

10^/10

redline sectoprat wordfile infostealer rat trojan upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratwordfileinfostealerrattrojanupx

behavioral2

redlinesectopratwordfileinfostealerrattrojanupx

© 2018-2024

Terms | Privacy