redline | be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2a96b4fac3...6a.exe

windows7-x64

2a96b4fac3...6a.exe

windows10-2004-x64

Sharing

General

Target

2a96b4fac36efb0df7930f7fe19b9b6a
Size

309KB
Sample

231231-gg399sbaa6
MD5

2a96b4fac36efb0df7930f7fe19b9b6a
SHA1

9bbc377eeb1f58002cfea817f78efa91b16e85ec
SHA256

be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e
SHA512

82ad01d52c443e62463a3140aded6b473c6dfdc03dd56609f67024b32bd37a8945131e0a7077855f59249da56994633e389a71c57d259c1d12c7ff04a5b3b8f4
SSDEEP

3072:nJJh6BbCqA4w//xQwRti4LT8yf6905sd1MvfN2FjGVr51VXNmfV8XBJ3dAQ:fkXAD2qDLKDyfN2ZgrTV9mfVSXdA

Score

10^/10

redline sectoprat @dashyknight infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a96b4fac36efb0df7930f7fe19b9b6a.exe

Resource

win7-20231215-en

redline sectoprat @dashyknight infostealer rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a96b4fac36efb0df7930f7fe19b9b6a.exe

Resource

win10v2004-20231215-en

redline sectoprat @dashyknight infostealer rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@DashyKnight

C2

80.89.229.97:7479

Targets

- Target
  
  2a96b4fac36efb0df7930f7fe19b9b6a
- Size
  
  309KB
- MD5
  
  2a96b4fac36efb0df7930f7fe19b9b6a
- SHA1
  
  9bbc377eeb1f58002cfea817f78efa91b16e85ec
- SHA256
  
  be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e
- SHA512
  
  82ad01d52c443e62463a3140aded6b473c6dfdc03dd56609f67024b32bd37a8945131e0a7077855f59249da56994633e389a71c57d259c1d12c7ff04a5b3b8f4
- SSDEEP
  
  3072:nJJh6BbCqA4w//xQwRti4LT8yf6905sd1MvfN2FjGVr51VXNmfV8XBJ3dAQ:fkXAD2qDLKDyfN2ZgrTV9mfVSXdA
Score

10^/10

redline sectoprat @dashyknight infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectoprat@dashyknightinfostealerrattrojan

behavioral2

redlinesectoprat@dashyknightinfostealerrattrojan

© 2018-2025

Terms | Privacy