General

  • Target

    772b2c2a8d9b092ea11a5f91e5318e8d

  • Size

    100KB

  • Sample

    231226-saf2yahffp

  • MD5

    772b2c2a8d9b092ea11a5f91e5318e8d

  • SHA1

    197b9302f6ed520137e285f18bd0cc3a9dbb2ca2

  • SHA256

    e86dc06455172266930796080590e72e6c6d7689a1a298355d315b7ef78520a2

  • SHA512

    c277fa844c9da1134df07af34dd90eb5d8718a25044af9299d1f8b9889d30ddcd61cfe2f8203006c4d033dbc19b49578f276f21631062f98d0edd07448e4148f

  • SSDEEP

    1536:Sm386AEAlbDB/MKvHlrL8u5joQza7pdgbue7vRuvdyAsdF5i1xQeTEqG6WAaoig0:Si86AdR5vNcQzaty3Ru1ydd6svYE

Malware Config

Extracted

Family

redline

Botnet

1853653057

C2

185.250.206.122:43180

Targets

    • Target

      772b2c2a8d9b092ea11a5f91e5318e8d

    • Size

      100KB

    • MD5

      772b2c2a8d9b092ea11a5f91e5318e8d

    • SHA1

      197b9302f6ed520137e285f18bd0cc3a9dbb2ca2

    • SHA256

      e86dc06455172266930796080590e72e6c6d7689a1a298355d315b7ef78520a2

    • SHA512

      c277fa844c9da1134df07af34dd90eb5d8718a25044af9299d1f8b9889d30ddcd61cfe2f8203006c4d033dbc19b49578f276f21631062f98d0edd07448e4148f

    • SSDEEP

      1536:Sm386AEAlbDB/MKvHlrL8u5joQza7pdgbue7vRuvdyAsdF5i1xQeTEqG6WAaoig0:Si86AdR5vNcQzaty3Ru1ydd6svYE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks