General

  • Target

    0cd611109bec333ed5816ccbef8225a3

  • Size

    833KB

  • Sample

    231230-dxfx5adhf6

  • MD5

    0cd611109bec333ed5816ccbef8225a3

  • SHA1

    545b07e30a24464f288a939f4c746ce12f84e42d

  • SHA256

    1f782a66597bb9bf4ee3b600c2266926e5e339cea52c6d8de10a18c7c6168f56

  • SHA512

    7204bcc6681b6f203136a95ff4c93ead7b4d2d38a0396c88e8d4e2a91028ccbaad44d8a928716b1946e5c2b985ac96c58d5be95060bacf23a543e81aaf90ea40

  • SSDEEP

    24576:4FWQvjR3tG20JOdB02PRzgRS37dwnTp2qSteKan7Zo2qy5KUv7HcIcelJLjImJbE:sWQvjRtG28VPRS3JwnOiesbQIvJLjIox

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Red

  • C2

    135.181.235.99:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks