General

  • Target

    708f3fbbffcf73b4451a5b9c5259936a

  • Size

    370KB

  • Sample

    231226-p9mf8aehbp

  • MD5

    708f3fbbffcf73b4451a5b9c5259936a

  • SHA1

    051b84a5bfd434de71adf3797d858567504623b4

  • SHA256

    fbfb7dfe7e43aa89b6b8316f3e420681e124a08fc2d5ad9bd9f0e6a22e35cb25

  • SHA512

    b9f25ce9f738022d5a646a8f91cc638ce70c686541a226bd5046e2f8f717766a5037f7aa00afada4b5e32b77d27ca0fe74c6f5ae113fb4ed60823a8892d7a133

  • SSDEEP

    6144:wF3Z5leeDIC2QKhX9z0y80JJ6zlH+3jDZP0DqdnE8:wFp5lee0C2QKhX9z0y80JJ6zlH+3jDZe

Malware Config

Extracted

Family

redline

Botnet

110621

C2

gooutdayblog.info:80
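The extracted config and the hash block above are the indicators an analyst takes away from this report. As an added example (not part of the sandbox report), the following Python turns them into checks: it verifies a file against the report's MD5/SHA1/SHA256 and scans network log lines for the extracted C2 host and port. The hashes, C2 host and port are copied from the report; the log format, the log lines and the function names are constructed for the example.

```python
"""Hunt for the indicators extracted in this report.

Added example, not part of the sandbox report. The hashes and the C2 endpoint
are copied from the report; the log format and log lines are constructed.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "708f3fbbffcf73b4451a5b9c5259936a",
    "sha1": "051b84a5bfd434de71adf3797d858567504623b4",
    "sha256": "fbfb7dfe7e43aa89b6b8316f3e420681e124a08fc2d5ad9bd9f0e6a22e35cb25",
}
C2_HOST = "gooutdayblog.info"
C2_PORT = 80


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Return the md5/sha1/sha256 hex digests of data, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only if every digest equals the report's value for that algorithm.
    One mismatching digest is enough to say this is not the analysed file."""
    digests = hash_file_bytes(data)
    return all(digests[alg] == expected for alg, expected in SAMPLE_HASHES.items())


def matches_sample_path(path: str) -> bool:
    """Convenience wrapper: hash a file on disk and compare it to the report."""
    with open(path, "rb") as fh:
        return matches_sample(fh.read())


# Constructed log format (assumption for this example):
#   <ts> conn <src_ip:port> -> <dst_ip>:<dst_port> host=<hostname>
#   <ts> dns <src_ip> query=<qname> type=<rrtype>
CONN_RE = re.compile(
    r"^(?P<ts>\S+) conn (?P<src>\S+) -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+) host=(?P<host>\S+)$"
)
DNS_RE = re.compile(r"^(?P<ts>\S+) dns (?P<src>\S+) query=(?P<qname>\S+)")


def host_matches_c2(host: str) -> bool:
    """Exact match or subdomain of the C2 host; case and trailing dot ignored.
    'notgooutdayblog.info' must NOT match, hence the leading-dot check."""
    host = host.lower().rstrip(".")
    return host == C2_HOST or host.endswith("." + C2_HOST)


def find_c2_hits(lines: List[str]) -> List[dict]:
    """Scan log lines for the C2. A connection on the reported port is the
    strongest signal; the same host on another port and a bare DNS lookup
    are still recorded, since they show the host was contacted or resolved."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            if host_matches_c2(m["host"]):
                kind = "c2_conn" if int(m["dst_port"]) == C2_PORT else "c2_host_other_port"
                hits.append({"ts": m["ts"], "src": m["src"].split(":")[0], "kind": kind, "line": line})
            continue
        m = DNS_RE.match(line)
        if m and host_matches_c2(m["qname"]):
            hits.append({"ts": m["ts"], "src": m["src"], "kind": "c2_dns", "line": line})
    return hits


# Constructed sample log lines (not real traffic).
LOG_LINES = [
    "2023-12-26T09:41:02Z conn 10.0.0.15:51337 -> 203.0.113.10:80 host=gooutdayblog.info",
    "2023-12-26T09:41:02Z dns 10.0.0.15 query=gooutdayblog.info type=A",
    "2023-12-26T09:41:05Z conn 10.0.0.15:51340 -> 198.51.100.7:443 host=update.example.com",
    "2023-12-26T09:42:11Z conn 10.0.0.22:52001 -> 203.0.113.10:8080 host=gooutdayblog.info",
    "2023-12-26T09:43:00Z dns 10.0.0.22 query=notgooutdayblog.info type=A",
]

if __name__ == "__main__":
    for hit in find_c2_hits(LOG_LINES):
        print(f"{hit['kind']:20} {hit['src']:12} {hit['line']}")
```

Run against the constructed lines, the scan reports one connection to the C2 on port 80, one DNS resolution of the C2 host, and one connection to the same host on a different port; the lookalike domain in the last line is not flagged.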

Targets

    • Target

      708f3fbbffcf73b4451a5b9c5259936a

    • Size

      370KB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process overwrite the register state of a thread, normally a suspended thread in a child process it created; malware uses it to redirect that thread to injected code (process hollowing / RunPE). This is a generic injection indicator, not a family-specific detection, and should be read together with the RedLine and SectopRAT payload hits above.

MITRE ATT&CK Matrix

Tasks