General

  • Target

    0fab637905a3f9b113c5ca5d5bb14d30

  • Size

    421KB

  • Sample

    231230-fvblqsbhel

  • MD5

    0fab637905a3f9b113c5ca5d5bb14d30

  • SHA1

    dc6d5ad8046e35c1007de961302fa9605efd9389

  • SHA256

    81f66c5cc91de5636e3b5079c8f6bfcb0f4b08152dc792d25c9e8f57f0ce5948

  • SHA512

    2a5edf6a007e05b8582e2c19c7953b3886ec0da6df425c8a6cba76049d0c635d70cbacb00e20289b5facad4ef3884b1b8e269261dbe80aa02c603531e71eba01

  • SSDEEP

    12288:beNCpJ1XE6DUA8A0FOGaOlah4FIdIGcLgbRotL3P:bYiu6Dph0SO04FaIj9

Malware Config

Extracted

Family

redline

Botnet

@kiirek123

C2

ierinapu.xyz:80
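The extracted configuration gives a responder three indicators to act on at once: the file hashes, the C2 endpoint and the botnet tag. The script below is an added example, not part of the sandbox report, that embeds those indicators, checks a file's hashes against them, and scans proxy/DNS log lines for traffic to the C2 host, flagging whether the port matches the one in the config. The log line format, the `find_c2_hits` / `matches_report` helper names and the sample log lines are all constructed for the example.

```python
"""Offline IOC matcher built from the RedLine config extracted above.
Added example; the helpers and log format are assumptions, not the
sandbox's own tooling."""
import hashlib
import re

# Indicators copied from the report. The botnet tag is RedLine's
# campaign identifier and is useful for clustering, not for matching.
REPORT = {
    "family": "redline",
    "botnet": "@kiirek123",
    "c2": "ierinapu.xyz:80",
    "md5": "0fab637905a3f9b113c5ca5d5bb14d30",
    "sha1": "dc6d5ad8046e35c1007de961302fa9605efd9389",
    "sha256": "81f66c5cc91de5636e3b5079c8f6bfcb0f4b08152dc792d25c9e8f57f0ce5948",
}


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' C2 entry into (host, port); reject malformed input."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {c2!r}")
    return host.lower(), int(port)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like the report fields."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, report: dict = REPORT) -> bool:
    """True if any hash of `data` equals the report's. This is an exact
    match only: a repacked build will not match and needs SSDEEP or
    behavioural detection instead."""
    h = file_hashes(data)
    return any(h[k] == report[k] for k in ("md5", "sha1", "sha256"))


# Constructed proxy/DNS-style log lines for the example (not from the report).
LOGS = [
    "2023-12-30T14:02:11Z proxy src=10.0.0.12 dst=ierinapu.xyz:80 method=POST uri=/ bytes=2314",
    "2023-12-30T14:02:12Z dns src=10.0.0.12 query=ierinapu.xyz type=A",
    "2023-12-30T14:03:00Z proxy src=10.0.0.7 dst=example.com:443 method=GET uri=/ bytes=512",
    "2023-12-30T14:03:05Z proxy src=10.0.0.9 dst=ierinapu.xyz:8080 method=GET uri=/ bytes=10",
]


def find_c2_hits(lines, c2: str) -> list:
    """Return one record per log line that contacts the C2 host.

    The host alone triggers a hit (a DNS lookup is already worth an alert);
    `port_match` records whether the observed port equals the configured
    one, because operators move ports between builds."""
    host, port = parse_c2(c2)
    pat = re.compile(r"(?:dst=|query=)" + re.escape(host) + r"(?::(\d+))?\b")
    hits = []
    for line in lines:
        m = pat.search(line)
        if not m:
            continue
        src = re.search(r"src=(\S+)", line)
        seen_port = int(m.group(1)) if m.group(1) else None
        hits.append({
            "src": src.group(1) if src else None,
            "port": seen_port,
            "port_match": seen_port == port,
        })
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(LOGS, REPORT["c2"]):
        print(hit)
```

Run it over real proxy or DNS exports by replacing `LOGS` with the lines of the file; the hash check is exact by design, so treat a miss on a suspicious file as "not this build" rather than "not RedLine".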

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      The sample called SetThreadContext, the API that process hollowing and similar injection techniques use to point a suspended thread at injected code (MITRE ATT&CK T1055.012).
