General

  • Target

    0e86a231689637b656a0764f2017d22f

  • Size

    927KB

  • Sample

    231230-e4zt9adcgp

  • MD5

    0e86a231689637b656a0764f2017d22f

  • SHA1

    70954ef5b83a7b0cd9dca4542d63bf3a7dc7ac97

  • SHA256

    3da0e424a6f1268f5682d59be1f83572479c28ca1fb7dab48d0b53220acef66e

  • SHA512

    21a3195665975ba3ec7b042a19b9ce39b5311e7c96070e7a968e7a1f39514a0df3569e39b313529dbb6b948195cd294077fd5b4e8a81e08a38b4ba2d8f6f6f32

  • SSDEEP

    12288:bsp0kUKA1PfP5k9FLRqYjtatql9MiwlDwhl6s5Ep7XzNwzVzTEVGp7K1k:bspuHaFLsqkqyEl68E5azVzwVBk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Original_Finest

  • C2

    159.69.190.155:35975
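The hashes and the extracted C2 above are the indicators a defender would actually pivot on. The following is an added example (not part of the sandbox report, and not tooling from the sandbox vendor) that turns them into two checks: an exact or host-wide match of network flows against the C2, and a file-hash comparison against the report's digests. The log lines and the "timestamp src:port -> dst:port proto" layout are constructed for illustration; adapt the regular expression to your own proxy or firewall export.

```python
"""Match flows and file hashes against the indicators from the report above.

Added example, not from the original report. Indicator values are copied from
the report; the log lines below are constructed, not real telemetry.
"""
import hashlib
import ipaddress
import re

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "0e86a231689637b656a0764f2017d22f",
    "sha1": "70954ef5b83a7b0cd9dca4542d63bf3a7dc7ac97",
    "sha256": "3da0e424a6f1268f5682d59be1f83572479c28ca1fb7dab48d0b53220acef66e",
}
REPORT_C2 = "159.69.190.155:35975"


def parse_c2(value: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string and validate both halves.

    Raises ValueError for a missing/non-numeric port, an out-of-range port,
    or a host that is not an IP literal (a hostname would need DNS context).
    """
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not host:port: {value!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    ipaddress.ip_address(host)  # raises ValueError if not an IP literal
    return host, port_num


def file_hashes(data: bytes) -> dict[str, str]:
    """Compute the same three digests the report lists for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_hits(data: bytes, known: dict[str, str] = REPORT_HASHES) -> list[str]:
    """Return the names of the digests of `data` that equal a known digest."""
    computed = file_hashes(data)
    return [name for name, digest in computed.items() if digest == known.get(name)]


# Constructed log format (assumption, not the report's):
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines: two exact C2 hits, one flow to the C2 host on
# another port, and one unrelated HTTPS flow.
SAMPLE_LOG = """\
2023-12-30T10:01:02Z 10.0.0.15:51234 -> 159.69.190.155:35975 tcp
2023-12-30T10:01:05Z 10.0.0.15:51235 -> 93.184.216.34:443 tcp
2023-12-30T10:02:11Z 10.0.0.22:60010 -> 159.69.190.155:443 tcp
2023-12-30T10:03:40Z 10.0.0.31:49888 -> 159.69.190.155:35975 tcp
"""


def c2_hits(log_text: str, c2: str = REPORT_C2, any_port: bool = False) -> list[tuple[str, str]]:
    """Return (timestamp, 'src:port') for every flow to the C2.

    any_port=False matches only the exact host:port from the config; any_port=True
    reports any flow to the C2 host, which casts a wider net at the cost of noise
    if the address is shared hosting.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["dst"] != host:
            continue
        if not any_port and int(m["dport"]) != port:
            continue
        hits.append((m["ts"], f"{m['src']}:{m['sport']}"))
    return hits


if __name__ == "__main__":
    for ts, src in c2_hits(SAMPLE_LOG):
        print(f"exact C2 hit at {ts} from {src}")
    for ts, src in c2_hits(SAMPLE_LOG, any_port=True):
        print(f"any-port hit at {ts} from {src}")
```

Run it on an export of your own flow logs by replacing SAMPLE_LOG; treat any-port hits as leads to triage rather than confirmed infections, since a single IP can host unrelated services.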

Targets

    • Target

      0e86a231689637b656a0764f2017d22f

    • Size

      927KB

    • MD5

      0e86a231689637b656a0764f2017d22f

    • SHA1

      70954ef5b83a7b0cd9dca4542d63bf3a7dc7ac97

    • SHA256

      3da0e424a6f1268f5682d59be1f83572479c28ca1fb7dab48d0b53220acef66e

    • SHA512

      21a3195665975ba3ec7b042a19b9ce39b5311e7c96070e7a968e7a1f39514a0df3569e39b313529dbb6b948195cd294077fd5b4e8a81e08a38b4ba2d8f6f6f32

    • SSDEEP

      12288:bsp0kUKA1PfP5k9FLRqYjtatql9MiwlDwhl6s5Ep7XzNwzVzTEVGp7K1k:bspuHaFLsqkqyEl68E5azVzwVBk

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020; it harvests browser credentials, cookies and cryptocurrency wallet data and sends them to a configured C2 such as the one extracted above.

    • RedLine payload

    • SectopRAT

      SectopRAT is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a common step in process hollowing and similar injection: a payload is written into a suspended process and the thread is redirected to the new entry point before it is resumed.

MITRE ATT&CK Matrix

Tasks