General

  • Target

    00c906d0d6994e9d0dfc5b7b3dad5a56

  • Size

    348KB

  • Sample

    231229-xcaedscegn

  • MD5

    00c906d0d6994e9d0dfc5b7b3dad5a56

  • SHA1

    1af3e52d75d1889999df479a0241342b13e10b63

  • SHA256

    33d742eb4befb411b0ce2be7f7de5850792f7f57ce3c7b1fdaab9ceb68a8f633

  • SHA512

    6270044b5c540743d4c4b91cd3bb3fd1c6118cbadfdc38334cd0e43ff079ba71feddfee77648bc71d5d469feb10a6999f6efe34384a0c0b04f9e31287ef6049a

  • SSDEEP

    6144:gOr4eNG1j6/IPXsHuYHZXtvyyh9j2f9+zRVr4er3x5q5WNmWOZv5Mp2Rwe:hXij6APX3YHZXt6yLaA3rPYWgWsv57Rf

Malware Config

Extracted

  • Family

    redline

  • Botnet

    build4

  • C2

    91.142.77.189:61524
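The hashes and the extracted C2 above are the report's indicators; an added example (not tooling from the sandbox, the page, or the malware) of turning them into a sweep over network logs and file digests follows. The connection-log rows and the sample bytes are constructed for the demo and laid out like a Zeek conn.log (tab-separated ts, uid, orig host/port, resp host/port, proto); that layout, the `RedLineIOC` container and the helper names are assumptions of this example, while the digest values, botnet id and `ip:port` endpoint are copied from the report. SSDEEP is left out because it needs a third-party library.

```python
"""IOC sweep built from the extracted RedLine configuration in the report.

Added example, not code from the sandbox or the malware author. Only the
hashes, botnet id and C2 endpoint come from the report; the log rows and
the sample bytes below are constructed for the demo.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RedLineIOC:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    hashes: dict = field(default_factory=dict)  # algorithm name -> hex digest


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the report's 'ip:port' C2 string and validate the port range."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 endpoint: {c2!r}")
    return host, int(port)


C2_HOST, C2_PORT = parse_c2("91.142.77.189:61524")  # value from the report

IOC = RedLineIOC(
    family="redline",
    botnet="build4",
    c2_host=C2_HOST,
    c2_port=C2_PORT,
    hashes={  # digests listed in the report's General section
        "md5": "00c906d0d6994e9d0dfc5b7b3dad5a56",
        "sha1": "1af3e52d75d1889999df479a0241342b13e10b63",
        "sha256": "33d742eb4befb411b0ce2be7f7de5850792f7f57ce3c7b1fdaab9ceb68a8f633",
    },
)


def digest_sample(data: bytes) -> dict[str, str]:
    """Compute the stdlib digests the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(data: bytes, ioc: RedLineIOC) -> list[str]:
    """Return the algorithms whose digest of `data` equals the report's value."""
    computed = digest_sample(data)
    return [alg for alg, hexd in ioc.hashes.items()
            if computed.get(alg) == hexd.lower()]


def sweep_conn_log(lines: list[str], ioc: RedLineIOC) -> list[tuple[str, str, str, str]]:
    """Flag rows whose responder is the C2 host.

    A hit on host *and* port is labelled 'c2'; traffic to the same host on
    another port is still reported, as 'host-only', so it is triaged rather
    than silently dropped. Comment/header rows (starting with '#') are skipped.
    """
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed row; a real sweep would log this
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != ioc.c2_host:
            continue
        level = "c2" if resp_p == str(ioc.c2_port) else "host-only"
        hits.append((uid, orig_h, f"{resp_h}:{resp_p}", level))
    return hits


# Constructed conn.log excerpt for the demo (not captured traffic).
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1703851200.1\tCabc1\t10.0.0.15\t49812\t91.142.77.189\t61524\ttcp",
    "1703851201.4\tCabc2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp",
    "1703851202.9\tCabc3\t10.0.0.22\t50120\t91.142.77.189\t80\ttcp",
]

if __name__ == "__main__":
    for hit in sweep_conn_log(CONN_LOG, IOC):
        print("network hit:", hit)
    # Constructed bytes stand in for a quarantined file; the real sample is not on this page.
    print("hash matches:", matching_hashes(b"not the real sample", IOC))
```

Matching on host alone keeps a later port change by the operator from hiding behind an exact `ip:port` rule; matching the digests lets the same script confirm whether a quarantined file is this exact sample.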

Targets

    • Target

      00c906d0d6994e9d0dfc5b7b3dad5a56

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks