redline | 839af94fe56cfd10e4e5e524c5e656170a8f5cb6a285bc1838386f7000b431a9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

PaymentRec...23.exe

windows7-x64

PaymentRec...23.exe

windows10-2004-x64

Sharing

General

Target

PaymentReciptInvoce00180423.exe.bin
Size

1.0MB
Sample

230505-zp4vwage8y
MD5

b5d151bb4861ef37f6a7196217d219fe
SHA1

6dd795268a7f84ad8beda42cc58ce30f02bbd451
SHA256

839af94fe56cfd10e4e5e524c5e656170a8f5cb6a285bc1838386f7000b431a9
SHA512

6286af0cfee2564cf9ca68067d2f9ed7113d0c042b7bc9206c8b18bd67f94de599a6ee44739cc67f693922426c5f5db803ea3c289160e182f800eabd46da51ec
SSDEEP

12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2/B6T8H3+H+5CA2G:VIT4i0CkO5HkB6gX+H+57B

Score

10^/10

redline warzonerat infostealer persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PaymentReciptInvoce00180423.exe

Resource

win7-20230220-en

warzonerat infostealer persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

PaymentReciptInvoce00180423.exe

Resource

win10v2004-20230220-en

redline warzonerat infostealer persistence rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

jeffdfehjhsda.ddns.net:5200

Targets

- Target
  
  PaymentReciptInvoce00180423.exe.bin
- Size
  
  1.0MB
- MD5
  
  b5d151bb4861ef37f6a7196217d219fe
- SHA1
  
  6dd795268a7f84ad8beda42cc58ce30f02bbd451
- SHA256
  
  839af94fe56cfd10e4e5e524c5e656170a8f5cb6a285bc1838386f7000b431a9
- SHA512
  
  6286af0cfee2564cf9ca68067d2f9ed7113d0c042b7bc9206c8b18bd67f94de599a6ee44739cc67f693922426c5f5db803ea3c289160e182f800eabd46da51ec
- SSDEEP
  
  12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2/B6T8H3+H+5CA2G:VIT4i0CkO5HkB6gX+H+57B
Score

10^/10

warzonerat infostealer persistence rat redline stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

redlinewarzoneratinfostealerpersistenceratstealer

© 2018-2025

Terms | Privacy