General

  • Target: 1a579c3c244c6d61a663d33552b5057b
  • Size: 1.0MB
  • Sample: 231225-nfgs7sdee8
  • MD5: 1a579c3c244c6d61a663d33552b5057b
  • SHA1: 8f8cad540acbc396c5fdca0f445af7af0bd4df89
  • SHA256: 657ed0632158da9edb4f46a8086e9ec6167c332dc89e6a106e7891577845f574
  • SHA512: d68b8e6b5259f1664e83420fe0a6ff5e0bbe8bf15be432e427d25a16717a967c52a17dea289ac3072094c18f9655d47916c37054f4fbcb113af950deff07c3e6
  • SSDEEP: 24576:XCla/6N1I2rXccaMf+VpfPQy2i9XKtG6y4gs:ylk6N1JQ9M63j0/

Malware Config

Extracted

  • Family: redline
  • Botnet: WW
  • C2: boterov.com:58198

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • CustAttr .NET packer: Detects CustAttr .NET packer in memory.
    • Suspicious use of SetThreadContext