redline | 73dc45d12cbf0b6e8f2f6a439c7bf4da5b4ec51504690db81fee39adb0edd1b4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

25061f7c5f...dd.exe

windows7-x64

25061f7c5f...dd.exe

windows10-2004-x64

Sharing

General

Target

25061f7c5f6cba19b00ba46c684bb5dd
Size

1.2MB
Sample

231231-c89txaced5
MD5

25061f7c5f6cba19b00ba46c684bb5dd
SHA1

d313a669b26395b13e5197e186ba5a9dd79579ae
SHA256

73dc45d12cbf0b6e8f2f6a439c7bf4da5b4ec51504690db81fee39adb0edd1b4
SHA512

ef6dc57b5caf84b0914b790a7c599a0b567477a9a297f18b5895b8afefbb3697fb705d72d69b66faf26bfbc90497b4f7af921aaae8ab9fd659d50484e953dd70
SSDEEP

6144:sFxb4HalkX/5Okcxpny0mjn/db2xPGnDq3cUkxChx4ZfAb7nC0WEG05iTeBWT:wxbYcxpy0mjn/NC0MkxChx4S95dBWT

Score

10^/10

redline sectoprat ruzkii infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

25061f7c5f6cba19b00ba46c684bb5dd.exe

Resource

win7-20231215-en

redline sectoprat ruzkii infostealer rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

25061f7c5f6cba19b00ba46c684bb5dd.exe

Resource

win10v2004-20231215-en

redline sectoprat ruzkii infostealer rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ruzkii

C2

verecalina.xyz:80

Targets

- Target
  
  25061f7c5f6cba19b00ba46c684bb5dd
- Size
  
  1.2MB
- MD5
  
  25061f7c5f6cba19b00ba46c684bb5dd
- SHA1
  
  d313a669b26395b13e5197e186ba5a9dd79579ae
- SHA256
  
  73dc45d12cbf0b6e8f2f6a439c7bf4da5b4ec51504690db81fee39adb0edd1b4
- SHA512
  
  ef6dc57b5caf84b0914b790a7c599a0b567477a9a297f18b5895b8afefbb3697fb705d72d69b66faf26bfbc90497b4f7af921aaae8ab9fd659d50484e953dd70
- SSDEEP
  
  6144:sFxb4HalkX/5Okcxpny0mjn/db2xPGnDq3cUkxChx4ZfAb7nC0WEG05iTeBWT:wxbYcxpy0mjn/NC0MkxChx4S95dBWT
Score

10^/10

redline sectoprat ruzkii infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectopratruzkiiinfostealerrattrojan

behavioral2

redlinesectopratruzkiiinfostealerrattrojan

© 2018-2025

Terms | Privacy