redline | hxxps://gofile[.]io/d/SRT9tP | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

Resubmissions

05-07-2024 16:54

240705-vesbwavapf 10

05-07-2024 16:49

240705-vb469ssamr 7

04-07-2024 16:17

240704-trmrgs1eja 10

04-07-2024 16:14

240704-tpl26syfqj 7

04-07-2024 16:11

240704-tmx2na1dne 10

Sharing

General

Target

https://gofile.io/d/SRT9tP
Sample

240704-tmx2na1dne

Score

10^/10

redline sectoprat s6murai on telegram infostealer persistence rat trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://gofile.io/d/SRT9tP

Resource

win10v2004-20240611-en

redline sectoprat s6murai on telegram infostealer persistence rat trojan

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

s6murai on telegram

C2

178.40.160.213:3333

Targets

- Target
  
  https://gofile.io/d/SRT9tP
Score

10^/10

redline sectoprat s6murai on telegram infostealer persistence rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

redlinesectoprats6murai on telegram infostealerpersistencerattrojan

© 2018-2024

Terms | Privacy