General

  • Target: 0c670f6ea327a67f469695c3352788d6
  • Size: 979KB
  • Sample: 231224-w9lcgshccr
  • MD5: 0c670f6ea327a67f469695c3352788d6
  • SHA1: 0a24d7d92b6dce9e1062e2ece00523356fa6eefc
  • SHA256: 285787473588e955d279b9404b03ca843a2af300086b3a802a69434a5b5344c8
  • SHA512: 1a54fe3c2a2fb946c47e762a5fcf4a66abda7f7faf8fe03790d7141ff64948174491030944a6b0007e54948276efa9b0184edbdf2866f34ce4fdeb41829a214f
  • SSDEEP: 24576:IVYiV4/OGS1yc7nvZL76xyJ6b/qR4y/sM6pTXZ1Y3BEA74pf:niK7S13dL+b/qRIlpLZ1YxEA

Malware Config

Extracted

  • Family: redline
  • Botnet: 1907721452
  • C2: 188.40.193.166:43180

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Looks for VMWare Tools registry key

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks