General

  • Target

    0f7a263fd49d8fc6290ecf03bc5fada5

  • Size

    314KB

  • Sample

    231230-fp8dhsagdr

  • MD5

    0f7a263fd49d8fc6290ecf03bc5fada5

  • SHA1

    b3cc497b2deac62c818d37e9210b8e59f0dd939c

  • SHA256

    2b95108372cc6adfdb583394099eb518546a4af96a0250ac65750f2965214b16

  • SHA512

    809b521546738285cf681b968049d92703be4ceb03aae93c707351432ee6fd88fd78336efa7a2ce627e96def2c887905e8723e15d9b7108e799cfaec116e967c

  • SSDEEP

    6144:jps/Hgxgtj+c3oqV9UV7kg7lXJZFSVQabb5DBPVGR9h51EsJC:jm/Axg0c4qVVuS59vGRZ2h

Malware Config

Extracted

Family

redline

Botnet

@pidoras213124

C2

135.181.171.9:23469

Targets

    • Target

      0f7a263fd49d8fc6290ecf03bc5fada5

    • Size

      314KB

    • MD5

      0f7a263fd49d8fc6290ecf03bc5fada5

    • SHA1

      b3cc497b2deac62c818d37e9210b8e59f0dd939c

    • SHA256

      2b95108372cc6adfdb583394099eb518546a4af96a0250ac65750f2965214b16

    • SHA512

      809b521546738285cf681b968049d92703be4ceb03aae93c707351432ee6fd88fd78336efa7a2ce627e96def2c887905e8723e15d9b7108e799cfaec116e967c

    • SSDEEP

      6144:jps/Hgxgtj+c3oqV9UV7kg7lXJZFSVQabb5DBPVGR9h51EsJC:jm/Axg0c4qVVuS59vGRZ2h

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks