General

  • Target

    715da827af6cc22adecb3f697a8a8a88

  • Size

    372KB

  • Sample

    231226-qgpxbagbbk

  • MD5

    715da827af6cc22adecb3f697a8a8a88

  • SHA1

    53de4484c7927c2c45748e6fe3a7c68358b8f88f

  • SHA256

    1617c85c779cf8c913c92b3208686fb1078549ce5a13b07bea7b6b68e02c70b9

  • SHA512

    cd1b67a081a046014c25f96879077448b6fe058c435482928257c6dff20916568227c4216c2f865e1baf001f42db7149221e723d9c2edf789529d9c9693e6721

  • SSDEEP

    6144:jdfM4Ry8towEa7CEzkqgegi1mPMHDZvLi8Z1pDX3OO+7CaokuuRXg:jdfM4EMowEa7CEzkqgegi1mPMHDZvLi4

Malware Config

Extracted

Family

redline

Botnet

@Kudavrs

C2

80.89.237.223:33872
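
How a responder would turn the extracted configuration and the file hashes above into a local check: an added Python example, not Triage tooling or part of the report. The indicators are copied from this page; the connection-record layout, the log lines and the file bytes are constructed for the example so it runs offline.

```python
"""Match the indicators published in this RedLine report against local data.

Added example, not Triage output: the hashes and C2 endpoint are copied
from the report above; the file bytes and connection-log lines are
constructed so the script runs offline.
"""
import hashlib
from typing import Iterable

# Indicators copied verbatim from the report.
FILE_HASHES = {
    "md5": "715da827af6cc22adecb3f697a8a8a88",
    "sha1": "53de4484c7927c2c45748e6fe3a7c68358b8f88f",
    "sha256": "1617c85c779cf8c913c92b3208686fb1078549ce5a13b07bea7b6b68e02c70b9",
    "sha512": (
        "cd1b67a081a046014c25f96879077448b6fe058c435482928257c6dff2091656"
        "8227c4216c2f865e1baf001f42db7149221e723d9c2edf789529d9c9693e6721"
    ),
}
C2_HOST = "80.89.237.223"
C2_PORT = 33872


def compute_hashes(data: bytes) -> dict[str, str]:
    """Compute every digest the report lists, so one read of the file covers all."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in FILE_HASHES}


def check_file_hashes(data: bytes) -> list[str]:
    """Return the names of the report digests that match `data` (empty = no match)."""
    actual = compute_hashes(data)
    return [alg for alg, wanted in FILE_HASHES.items() if actual[alg] == wanted]


def find_c2_hits(conn_lines: Iterable[str]) -> list[dict]:
    """Scan whitespace-separated connection records for the extracted C2.

    Assumed (constructed) record layout: ts src_ip src_port dst_ip dst_port proto.
    An exact host:port match is rated high; traffic to the C2 host on another
    port is reported at medium confidence so an analyst reviews it instead of
    it being dropped silently.
    """
    hits = []
    for line in conn_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue
        ts, src_ip, _src_port, dst_ip, dst_port, _proto = fields[:6]
        if dst_ip != C2_HOST:
            continue
        confidence = "high" if int(dst_port) == C2_PORT else "medium"
        hits.append({"ts": ts, "src": src_ip, "dst_port": int(dst_port), "confidence": confidence})
    return hits


# Constructed sample connection log (not real traffic).
SAMPLE_CONN_LOG = """\
# ts src_ip src_port dst_ip dst_port proto
1703589001.214 10.0.0.15 49812 142.250.74.46 443 tcp
1703589004.870 10.0.0.15 49813 80.89.237.223 33872 tcp
1703589009.003 10.0.0.22 51020 80.89.237.223 8080 tcp
""".splitlines()

# Constructed stand-in for a quarantined file; it does not match the report.
SAMPLE_FILE = b"MZ" + b"\x90" * 62 + b"not the real sample"


if __name__ == "__main__":
    print("hash matches:", check_file_hashes(SAMPLE_FILE) or "none")
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"{hit['ts']} {hit['src']} -> {C2_HOST}:{hit['dst_port']} [{hit['confidence']}]")
```

Hash matching is exact and only confirms this one build; the SSDEEP value in the report is what to use for near-duplicate builds, which needs the ssdeep library and is not shown here. The C2 port is part of the extracted config, so a port mismatch on the same host is kept at medium confidence rather than discarded.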

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Calling it on a thread of another process is characteristic of process hollowing and similar injection, where a suspended process has its image replaced and its entry point redirected before the thread is resumed; the signature reports that API use, not a specific injection target.
