General
-
Target
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.zip
-
Size
43KB
-
Sample
230328-kvfb5saa33
-
MD5
4bd77166929024baf7090da290a489cd
-
SHA1
4c94ba79ee4cb923e872c9918e487a1f50a1f2d8
-
SHA256
4d2b21d8928e3f68ce63fb97a249bfdcad9ea8286d6fd49804cdcf9dde85c429
-
SHA512
33743f2d974c38d227e341d8d626512bff5bf6b24ab281f07bca18d863d3ee980d6fba44b5f60a7922fefc76407b15c82d86bcdd82f27f299355d1842cbe12ce
-
SSDEEP
768:aKyrj4HfhN5Rxhz2JEP+7jECJQiQv1ZeUbwGvowfvN12TURKzcALtCW0mr//B4Ow:aKyrjy6uIj9bQ3eUcGvowdcSKRCW0O/G
Malware Config
Extracted
redline
zbot
0.tcp.eu.ngrok.io:15032
Targets
-
-
Target
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3
-
Size
95KB
-
MD5
6cec6d556ca7cc5324959811a61e962f
-
SHA1
a0f0f77232c7bf3484247c0b609d755f4f6c58e1
-
SHA256
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3
-
SHA512
8da51314faa31aee3b1c9f8374dd55070de1e9bd34dc2bd46ea32c28ffc91104f769d8e65d1b6b3d4af8c52edfc06bc24600e5c2cee0941a5a875f614b1d97d8
-
SSDEEP
1536:FqsghaqpalbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2R3tmulgS6pQl:D+aKaYP+zi0ZbYe1g0ujyzd1Q
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Legitimate hosting services abused for malware hosting/C2
-