General

  • Target

    1a5cf2a8597406b9753b5fa3960dc1842d03a99a38b9f598d64f6700ac2d7b7d.exe.zip

  • Size

    43KB

  • Sample

    231231-b6eejsacf3

  • MD5

    377457b9bcfff138e8941da233cc9ae5

  • SHA1

    d64b61a9751613a3370d74b68be9ee3aabe9bd02

  • SHA256

    680d0c584bb942fedab79c0e57f5f63d17c61d719c62ca19884b5e85331b802e

  • SHA512

    504affac8fa3741da84c83477e837e2fd4e380eb4a0f9e12284efb676fe5167e9ab357c692eb2cbe0701b4c12474d2bb06a5135f09abd501edb57fbe913b5a3a

  • SSDEEP

    768:v0hP/DtqDxk/3ImTJBhszm9NWd1e4nRHis7Pr+eyZo02O7WZIPr/c2HhHHdqj:chPbrwmTJBIqNwhHni/DLvhi

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Pr0xyBro

  • C2

    185.150.26.249:15352

Targets

    • Target

      1a5cf2a8597406b9753b5fa3960dc1842d03a99a38b9f598d64f6700ac2d7b7d.exe

    • Size

      95KB

    • MD5

      017239f33798674e6e02c6183cd236e3

    • SHA1

      e72ee91400ef8124a2adb9856ffdab2ae856fbc7

    • SHA256

      1a5cf2a8597406b9753b5fa3960dc1842d03a99a38b9f598d64f6700ac2d7b7d

    • SHA512

      8eba0587d8cc82bb9254d2ae017d8000976708fdeace379e12ab191567e385c3b9e26338e2e891a0c0441c48e6bc06a8651668add457591815de1f71c8f2530d

    • SSDEEP

      1536:BqsCFRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed2KtmulgS6pUl:vyRclyY7+zi0ZbYe1g0ujyzdWU

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
