General

  • Target

    099e74f87f7137d536e951e08aa77163

  • Size

    483KB

  • Sample

    231230-bjag3sacb3

  • MD5

    099e74f87f7137d536e951e08aa77163

  • SHA1

    3bf78e5ab3e0583ed7c41f675df6cbad5ccacd6f

  • SHA256

    7e84d82b17457dcfc3ce3826dbad2ff18c507c9a7ffd7a452561e574883f9f5c

  • SHA512

    52a1293af673400b578f053ee93729187441c628e78e77d549d7e1202cb97d5eec02f7f23c15061bbe796b5bcaba85ff09bb1f2bee55528129c48bc2048ac19d

  • SSDEEP

    12288:pWKCAPgh31TqOIS1GLeRw92QRaQ1nQR0zCq4jqbr:2x6O/1GLeRw92QaQZk0zCq4jUr

Malware Config

Extracted

Family

redline

C2

185.80.234.100:3385
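
As an added example (not part of the sandbox report, and not code from the RedLine or SectopRAT analyses it cites), the following Python takes the indicators extracted above and turns them into checked, shareable artifacts: it verifies that each hash field is well-formed hex of the right length, parses the ssdeep signature and the C2 endpoint, refuses a C2 that is not a public address, emits a Suricata rule for connections to the C2, and recomputes the four digests of a file in hand to confirm it is the reported sample. The Suricata message text, the SID value, and the stand-in bytes used at the bottom are assumptions of this example.

```python
"""Check and operationalise sandbox-report indicators (added example, not the report's own code)."""
import hashlib
import ipaddress
import re

# Indicator values copied from the report above; nothing here is fabricated.
REPORT = {
    "md5": "099e74f87f7137d536e951e08aa77163",
    "sha1": "3bf78e5ab3e0583ed7c41f675df6cbad5ccacd6f",
    "sha256": "7e84d82b17457dcfc3ce3826dbad2ff18c507c9a7ffd7a452561e574883f9f5c",
    "sha512": "52a1293af673400b578f053ee93729187441c628e78e77d549d7e1202cb97d5e"
              "ec02f7f23c15061bbe796b5bcaba85ff09bb1f2bee55528129c48bc2048ac19d",
    "ssdeep": "12288:pWKCAPgh31TqOIS1GLeRw92QRaQ1nQR0zCq4jqbr:2x6O/1GLeRw92QaQZk0zCq4jUr",
    "family": "redline",
    "c2": "185.80.234.100:3385",
}

# Expected hex-digest lengths; a wrong length usually means a copy/paste truncation.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(report):
    """Return the names of hash fields that are not lowercase hex of the expected length."""
    bad = []
    for name, length in HASH_LENGTHS.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, report.get(name, "")):
            bad.append(name)
    return bad


def parse_ssdeep(signature):
    """Split an ssdeep signature into (block_size, chunk, double_chunk)."""
    block_size, chunk, double_chunk = signature.split(":", 2)
    return int(block_size), chunk, double_chunk


def parse_c2(c2):
    """Parse 'ip:port' as printed in the report; reject non-public addresses and bad ports."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError("C2 must be ip:port, got %r" % c2)
    ip = ipaddress.ip_address(host)  # raises ValueError if the host is not an IP literal
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if not ip.is_global:
        # A loopback/LAN address in an extracted config is a test build or a parser
        # artifact; blocking it would hit your own network, so refuse it here.
        raise ValueError("C2 address is not a public address: %s" % ip)
    return str(ip), port


def suricata_rule(ip, port, family, sid=9000001):
    """Build a Suricata rule for outbound traffic to the C2 (msg text and sid are assumptions)."""
    return (
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"{family} C2 beacon (sandbox-extracted config)"; '
        f"flow:to_server,established; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def hashes_of(data):
    """Compute the same four digests the report lists, for a file you actually hold."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_LENGTHS}


def matches_report(data, report):
    """True only if every reported digest matches the bytes; one mismatch means a different file."""
    computed = hashes_of(data)
    return all(computed[name] == report[name] for name in HASH_LENGTHS)


if __name__ == "__main__":
    assert not validate_hashes(REPORT), validate_hashes(REPORT)
    ip, port = parse_c2(REPORT["c2"])
    print(suricata_rule(ip, port, REPORT["family"]))
    print("ssdeep block size:", parse_ssdeep(REPORT["ssdeep"])[0])
    # Constructed stand-in bytes, not the sample, so this must report False.
    print("bytes match report:", matches_report(b"constructed placeholder, not the sample", REPORT))
```

Keep the strong digests (SHA-256 and SHA-512) as the identity of the sample; the MD5 and SHA-1 are carried along for matching against older feeds only. The ssdeep block size (12288 here) is the first thing to compare when hunting for near variants, since ssdeep only compares signatures whose block sizes are equal or adjacent.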

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

      Both the RedLine and SectopRAT signatures matched this sample. The extracted configuration attributes it to the redline family, so treat the SectopRAT match as corroborating rather than as a second payload until the dropped code is examined.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the saved register state of a thread, including its instruction pointer; process hollowing and thread-hijacking injection rely on it to redirect a suspended thread into injected code, which is why its use from a non-debugger process is flagged.