General

  • Target

    0edbd3eb0e2bf580994f12f54279018d

  • Size

    389KB

  • Sample

    231230-fca79afcek

  • MD5

    0edbd3eb0e2bf580994f12f54279018d

  • SHA1

    b305140d033b587ae114902e4461075c8a1155bc

  • SHA256

    ff68a330c0180567f961b5d74ff8baa4a64d606293178ad1f8deb6af3ec67765

  • SHA512

    9967efe39d64d7306c7e5367e673fb4593d686dbc868ec7dd2431719639f7ba82e5473c9b13f3d6dfb9c9a7ad8a82ac53cbf848f1aabc7abd4b1bd1bb341b186

  • SSDEEP

    12288:nSLPX+dePm6VKfgIZemBmpkR4uPCaSlEl:SbOdWHUBmqvG

Malware Config

Extracted

Family

redline

C2

111.90.158.139:23158

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
