General

  • Target

    16cf1e37704f6d8a9557f3804045f7b9

  • Size

    1.8MB

  • Sample

    231225-mdwnxaegf2

  • MD5

    16cf1e37704f6d8a9557f3804045f7b9

  • SHA1

    713a135b361183bc9907537890c9d4a44637eec3

  • SHA256

    4a475db4cb4d71eb0752dce8f9752ed285a0ef1131fefcc2c139de831118df63

  • SHA512

    956df0b1bc9427ba3980d9d9cbe7e627ae2a5f71abd08599ad2879c0291c682e59c109387a704cd8ebccb272ff130cfcbbbcc1ac36f9346a72646cd9fe1ae36f

  • SSDEEP

    49152:KsybxHlk9D3Y9/kaLV6t+0XJpy+g75LrARENNpLl:NybxFk1Ya+T03q5htl

Malware Config

Extracted

Family

redline

Botnet

adsgoogle2

C2

45.93.4.12:80

Targets

    • Target

      16cf1e37704f6d8a9557f3804045f7b9

    • Size

      1.8MB

    • MD5

      16cf1e37704f6d8a9557f3804045f7b9

    • SHA1

      713a135b361183bc9907537890c9d4a44637eec3

    • SHA256

      4a475db4cb4d71eb0752dce8f9752ed285a0ef1131fefcc2c139de831118df63

    • SHA512

      956df0b1bc9427ba3980d9d9cbe7e627ae2a5f71abd08599ad2879c0291c682e59c109387a704cd8ebccb272ff130cfcbbbcc1ac36f9346a72646cd9fe1ae36f

    • SSDEEP

      49152:KsybxHlk9D3Y9/kaLV6t+0XJpy+g75LrARENNpLl:NybxFk1Ya+T03q5htl

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks