General

  • Target

    6bb7dc4a3db387ced8c05711f6bbfc8d

  • Size

    416KB

  • Sample

    231219-v6kfcaggh8

  • MD5

    6bb7dc4a3db387ced8c05711f6bbfc8d

  • SHA1

    387b6cfcae1377668a5f76a68d7129b7a1f3146e

  • SHA256

    9f1d5534c136fdc81f33387df265be387f201b3509dc963c8283e06f9ce0dfc7

  • SHA512

    8ffd82cffdcd182a700a483371b561751c40eedb2a881edefb33de9069ada90843d75da33993b6f0af15fac8b039006971f0eb308aeb5828e41d2976a6783cf5

  • SSDEEP

    6144:ioe40Ms++BdomMKv9c1zNCasY5XH2Bfnlszo+lpoX/W1y+Gd1jrc:DsGKv9cRNjJRHEfnlszLlIW1y+6jw

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

178.63.26.132:29795

Attributes
  • auth_value

    f27db372188045eefdf974196ead3dae
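The hashes and the extracted C2 above are only useful once they are turned into something that can be checked mechanically. The following is an added example (not part of the sandbox report) that does two things with the values on this page: verifies whether a given byte blob is the sample listed here by recomputing every digest the report lists, and scans network log lines for connections to the reported RedLine C2 endpoint. The log format and the log lines are constructed for the example; the hash, C2, family and botnet values are copied from the report.

```python
# Added example, not part of the original report: an IOC matcher built from
# the values this report lists (file hashes, C2 host:port, family, botnet).
import hashlib
import re

# Values taken from the report above.
REPORT = {
    "md5": "6bb7dc4a3db387ced8c05711f6bbfc8d",
    "sha1": "387b6cfcae1377668a5f76a68d7129b7a1f3146e",
    "sha256": "9f1d5534c136fdc81f33387df265be387f201b3509dc963c8283e06f9ce0dfc7",
    "sha512": "8ffd82cffdcd182a700a483371b561751c40eedb2a881edefb33de9069ada908"
              "43d75da33993b6f0af15fac8b039006971f0eb308aeb5828e41d2976a6783cf5",
    "c2": ("178.63.26.132", 29795),
    "family": "redline",
    "botnet": "paladin",
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists for a byte blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees; one mismatch means a different file."""
    actual = hash_file_bytes(data)
    return all(actual[name] == REPORT[name] for name in DIGESTS)


# Constructed log format (assumption for this example):
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (\w+)$")


def find_c2_hits(log_lines):
    """Return (timestamp, src_ip) for every line whose destination is the
    exact C2 host:port pair from the extracted config."""
    c2_ip, c2_port = REPORT["c2"]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        ts, src_ip, _src_port, dst_ip, dst_port, _proto = m.groups()
        if dst_ip == c2_ip and int(dst_port) == c2_port:
            hits.append((ts, src_ip))
    return hits


# Constructed sample log lines, not from the sandbox run.
SAMPLE_LOGS = [
    "2023-12-19T14:02:11Z 10.0.0.15:49812 -> 178.63.26.132:29795 tcp",
    "2023-12-19T14:02:12Z 10.0.0.15:49813 -> 93.184.216.34:443 tcp",
    "2023-12-19T14:03:40Z 10.0.0.22:51020 -> 178.63.26.132:80 tcp",  # same host, other port
    "2023-12-19T14:05:02Z 10.0.0.22:51021 -> 178.63.26.132:29795 tcp",
]

if __name__ == "__main__":
    # An empty blob is obviously not the sample; a real check would pass
    # the file's bytes read from disk.
    print("hash match on empty blob:", matches_report(b""))
    for ts, src in find_c2_hits(SAMPLE_LOGS):
        print(f"{ts} {src} -> {REPORT['family']}/{REPORT['botnet']} C2")
```

The C2 match keys on the exact IP:port pair from the extracted config, so the third constructed line (same host, port 80) is deliberately not reported as a RedLine C2 hit; it is still worth a second look in a real investigation, but it is not the channel this config describes. Hash matching requires all four digests to agree, which also catches a sample whose MD5 was copied correctly but whose SHA256 was not.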

Targets

    • Target

      6bb7dc4a3db387ced8c05711f6bbfc8d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks