General

  • Target: 1b16e2191f359e9806db5568a00eb1e7
  • Size: 832KB
  • Sample: 231225-nns67sfaa3
  • MD5: 1b16e2191f359e9806db5568a00eb1e7
  • SHA1: 8df43890da67c141f89e4a1da6fa10175d53ed32
  • SHA256: c003b5c28f58332d5c54e5e63254594fecdc710089e63768aef5865bc2991710
  • SHA512: 089da3c5f6e085df8ebd55aa1c651fbb46cecb3a2160aacaaf049355bb753eedcab77810c2aedc8a8e140cd3d2b41b6fafc4dc89847ead0a9e818fc008b74d4f
  • SSDEEP: 24576:wq3RB1l/i4/dilP5w25WO8tK946122ZST:w7xwTxto4G228

Malware Config

Extracted

  • Family: redline
  • Botnet: Проверка
  • C2: 193.56.146.22:47861

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks