General

  • Target: 215b99a79e60f497f61376a9d91c27e5

  • Size: 363KB

  • Sample: 231231-akpsqaedd9

  • MD5: 215b99a79e60f497f61376a9d91c27e5

  • SHA1: e27468dbd45e30781432c1752296d562f0d00ee5

  • SHA256: baaddfa0cec6ee987ccc56d80ccbb851fae5288e0d43531a16daac01ab22ed9d

  • SHA512: 1a8a76f22e08940a63d06cd08f3058649499e321204af2906ecb6a318a1b75d2ca535db2d5a9cd49eb69cd33bfe4104f9458b960992179a25f0080ba94c16985

  • SSDEEP: 3072:he4YJXwKqovbgU7iyap75m5zc4Be6B48o0S2Xl6OBz7+5f2WwTm5S0CuH8wrioJS:ywKqovbgIQ70dc6e6pXcOBnUOLTmlV

Malware Config

Extracted

Family: redline

Botnet: ju09_de_khr

C2: 185.215.113.86:13625

Targets

    • Target: 215b99a79e60f497f61376a9d91c27e5

    • Size: 363KB

    • MD5: 215b99a79e60f497f61376a9d91c27e5

    • SHA1: e27468dbd45e30781432c1752296d562f0d00ee5

    • SHA256: baaddfa0cec6ee987ccc56d80ccbb851fae5288e0d43531a16daac01ab22ed9d

    • SHA512: 1a8a76f22e08940a63d06cd08f3058649499e321204af2906ecb6a318a1b75d2ca535db2d5a9cd49eb69cd33bfe4104f9458b960992179a25f0080ba94c16985

    • SSDEEP: 3072:he4YJXwKqovbgU7iyap75m5zc4Be6B48o0S2Xl6OBz7+5f2WwTm5S0CuH8wrioJS:ywKqovbgIQ70dc6e6pXcOBnUOLTmlV

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks