redline | a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36 | Triage

Submit
Reports

Overview

overview

Static

static

5

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36
Size

1.0MB
Sample

240628-e9kyaathpp
MD5

464709f3215d06f6703eb4ecb607ae7a
SHA1

1f438f2ab699f842cec119981ae5bf799df5d203
SHA256

a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36
SHA512

007b3d6c7da18c9d8b31991520d18fa2ee323cf8b4d8ea153d74cf93d5bfb38df79bc65a968cc6e07c996c451f0f1c8b2a0b9f0529a6b67ca148cc27adf1eda9
SSDEEP

24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaeAfg3sujtg5:qh+ZkldoPK8YaeAfTYg

Score

10^/10

redline sectoprat wordfile infostealer rat spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36.exe

Resource

win10v2004-20240611-en

redline sectoprat wordfile infostealer rat spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36.exe

Resource

win11-20240611-en

redline sectoprat wordfile infostealer rat spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

wordfile

C2

185.38.142.10:7474

Targets

- Target
  
  a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36
- Size
  
  1.0MB
- MD5
  
  464709f3215d06f6703eb4ecb607ae7a
- SHA1
  
  1f438f2ab699f842cec119981ae5bf799df5d203
- SHA256
  
  a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36
- SHA512
  
  007b3d6c7da18c9d8b31991520d18fa2ee323cf8b4d8ea153d74cf93d5bfb38df79bc65a968cc6e07c996c451f0f1c8b2a0b9f0529a6b67ca148cc27adf1eda9
- SSDEEP
  
  24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaeAfg3sujtg5:qh+ZkldoPK8YaeAfTYg
Score

10^/10

redline sectoprat wordfile infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratwordfileinfostealerratspywaretrojan

behavioral2

redlinesectopratwordfileinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy