redline | ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ORDER QUOT...df.exe

windows7-x64

ORDER QUOT...df.exe

windows10-2004-x64

Sharing

General

Target

ORDER QUOTATION LIST.pdf.exe
Size

837KB
Sample

230822-tf7mhsdd64
MD5

00b7354438e3a2483c5c4e0c52d10f7e
SHA1

c1c3b90b1cf7541abd6bd9f098811c368078ed0b
SHA256

ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe
SHA512

0e1dfb63dd23f508d6d82c89a62618071be5ba3b4b88b4645951c054b96c15ce7e9676976670147a720369f161d554d4af986749e4c3e12f73b1d2954c98a863
SSDEEP

24576:/DkUNi1EvGEW93Gtx1Lhrds4t+whW2ANQyj:/DkUrOEW9GLhds4tdUGs

Score

10^/10

redline sectoprat cheat infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORDER QUOTATION LIST.pdf.exe

Resource

win7-20230712-en

redline sectoprat cheat infostealer rat spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER QUOTATION LIST.pdf.exe

Resource

win10v2004-20230703-en

redline sectoprat cheat infostealer rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

54.37.0.50:55615

Targets

- Target
  
  ORDER QUOTATION LIST.pdf.exe
- Size
  
  837KB
- MD5
  
  00b7354438e3a2483c5c4e0c52d10f7e
- SHA1
  
  c1c3b90b1cf7541abd6bd9f098811c368078ed0b
- SHA256
  
  ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe
- SHA512
  
  0e1dfb63dd23f508d6d82c89a62618071be5ba3b4b88b4645951c054b96c15ce7e9676976670147a720369f161d554d4af986749e4c3e12f73b1d2954c98a863
- SSDEEP
  
  24576:/DkUNi1EvGEW93Gtx1Lhrds4t+whW2ANQyj:/DkUrOEW9GLhds4tdUGs
Score

10^/10

redline sectoprat cheat infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcheatinfostealerratspywarestealertrojan

behavioral2

redlinesectopratcheatinfostealerratspywarestealertrojan

© 2018-2025

Terms | Privacy