General

  • Target: 1973782c0b74de2eb6cd1b8782147ba5
  • Size: 371KB
  • Sample: 231225-m6x3fabhd3
  • MD5: 1973782c0b74de2eb6cd1b8782147ba5
  • SHA1: 97cf2f9128b08eadba10ff0ed31ef8208efa880a
  • SHA256: 24dd2ec0e104f2563881ec6250cb7cf513a42a6da020075f15b521117ca64a24
  • SHA512: 95af6cb89f6fee4321048fbbec5dbe26cc48f675a247b024af846671d6529660ee8fce023e3a899b45722b109f041e5c140fdf66cf4fd7ffdb79fff5dd5073a6
  • SSDEEP: 6144:3EVRbXsFFjM4Ry8RzmqaPqE3EMBel/S2eym3OHo7CaoIAC7AaDfH+5HyENPZNkf/:0+M4EQzmqaPqE3EMBel/S2eym3OHo7Cq

Malware Config

Extracted

  • Family: redline
  • Botnet: @mecenaty
  • C2: 152.228.150.198:11188

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks