redline | d0ec43c0885fbe5b2c561762827e365d760bf18c7fb1f01d2eaebfd22b11640f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

0945f39b01...05.exe

windows7-x64

0945f39b01...05.exe

windows10-2004-x64

Sharing

General

Target

0945f39b0120d145e17eb04a9bfc5205
Size

203KB
Sample

231224-wcnfksdae8
MD5

0945f39b0120d145e17eb04a9bfc5205
SHA1

8b6471f8ef6d90eb6f52a819ab2379c83b317d92
SHA256

d0ec43c0885fbe5b2c561762827e365d760bf18c7fb1f01d2eaebfd22b11640f
SHA512

a9b4cc57a4a71ca9e458d944976af755c522780f1a26e4812a0c974e77855e9b19c042f5e0815f7a58707c6e928d96298c89e792a2a8b766f1692e9fcda08bbb
SSDEEP

3072:FHPsopjzJMURetE7WeYz/K80nGEh/hXKmbYcVQqJdOQfl/uHf0T9Ng2iO4iO:VPsot6E7of4GELaIjJdOMlYf0T9NcO

Score

10^/10

redline sectoprat @qu47tr0 infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0945f39b0120d145e17eb04a9bfc5205.exe

Resource

win7-20231215-en

redline sectoprat @qu47tr0 infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0945f39b0120d145e17eb04a9bfc5205.exe

Resource

win10v2004-20231215-en

redline sectoprat @qu47tr0 infostealer rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@qu47tr0

C2

45.81.227.32:22625

Targets

- Target
  
  0945f39b0120d145e17eb04a9bfc5205
- Size
  
  203KB
- MD5
  
  0945f39b0120d145e17eb04a9bfc5205
- SHA1
  
  8b6471f8ef6d90eb6f52a819ab2379c83b317d92
- SHA256
  
  d0ec43c0885fbe5b2c561762827e365d760bf18c7fb1f01d2eaebfd22b11640f
- SHA512
  
  a9b4cc57a4a71ca9e458d944976af755c522780f1a26e4812a0c974e77855e9b19c042f5e0815f7a58707c6e928d96298c89e792a2a8b766f1692e9fcda08bbb
- SSDEEP
  
  3072:FHPsopjzJMURetE7WeYz/K80nGEh/hXKmbYcVQqJdOQfl/uHf0T9Ng2iO4iO:VPsot6E7of4GELaIjJdOMlYf0T9NcO
Score

10^/10

redline sectoprat @qu47tr0 infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprat@qu47tr0infostealerrattrojan

behavioral2

redlinesectoprat@qu47tr0infostealerrattrojan

© 2018-2025

Terms | Privacy