General

  • Target

    0ebc3c08d0e3b7f973466d55394119ac

  • Size

    2.1MB

  • Sample

    231230-e9mf4seedm

  • MD5

    0ebc3c08d0e3b7f973466d55394119ac

  • SHA1

    b3d7002538eabcf551aa3bbf0b6cb555bea92acf

  • SHA256

    3d19304d7fcb0611b685274f7650b68dfc27646078e3ab20f6725d387700b783

  • SHA512

    20d0ded8e455397fbf8802b8fdca33ecd14d4387c4d3b12efe20dd6cb8b1167090686676679f8a0eeaf2772ae70470355b0f43cc3987ca6759160f1f9c47d57c

  • SSDEEP

    49152:FxSuM2y2BwWdXQ9kh83qmK+/d1xuuuRqWKiAvFN19v3ns:FIuM2TwWVGkh8rK+X88WKvvtXs

Malware Config

Extracted

Family

redline

Botnet

Kurwa

C2

65.21.90.212:6607

Targets

    • Target

      0ebc3c08d0e3b7f973466d55394119ac

    • Size

      2.1MB

    • MD5

      0ebc3c08d0e3b7f973466d55394119ac

    • SHA1

      b3d7002538eabcf551aa3bbf0b6cb555bea92acf

    • SHA256

      3d19304d7fcb0611b685274f7650b68dfc27646078e3ab20f6725d387700b783

    • SHA512

      20d0ded8e455397fbf8802b8fdca33ecd14d4387c4d3b12efe20dd6cb8b1167090686676679f8a0eeaf2772ae70470355b0f43cc3987ca6759160f1f9c47d57c

    • SSDEEP

      49152:FxSuM2y2BwWdXQ9kh83qmK+/d1xuuuRqWKiAvFN19v3ns:FIuM2TwWVGkh8rK+X88WKvvtXs

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks