General

  • Target

    4904a716d64b1fbcb594794883e496ba.exe

  • Size

    2.0MB

  • Sample

    240107-yamsdacfer

  • MD5

    4904a716d64b1fbcb594794883e496ba

  • SHA1

    cf8cd63cb4d7b03671f871e0ab4bfc85a5132dcf

  • SHA256

    0457f119d3d5dcb88bd5b27a4893208d8331132bbaeff3d4829aef7c590e8733

  • SHA512

    9a7cbcfa0105cb533e7325901bef26cf2e6798615b986b47170f5def35e8fd1ed126558335b309630e3ac58ed3c45ee70a2504bb30104facc148f7ec1ed6d49a

  • SSDEEP

    49152:L+26YxAfubBrDoCVYDbWvygK2pr4+XV9Fyh8VGNSAbhh7R:L+EWubBroRT6rthtGEUfR

Malware Config

Extracted

  • Family

    redline

  • Botnet

    YsamiLzt

  • C2

    185.172.129.61:52372

Targets

    • Target

      4904a716d64b1fbcb594794883e496ba.exe

    • Size

      2.0MB

    • MD5

      4904a716d64b1fbcb594794883e496ba

    • SHA1

      cf8cd63cb4d7b03671f871e0ab4bfc85a5132dcf

    • SHA256

      0457f119d3d5dcb88bd5b27a4893208d8331132bbaeff3d4829aef7c590e8733

    • SHA512

      9a7cbcfa0105cb533e7325901bef26cf2e6798615b986b47170f5def35e8fd1ed126558335b309630e3ac58ed3c45ee70a2504bb30104facc148f7ec1ed6d49a

    • SSDEEP

      49152:L+26YxAfubBrDoCVYDbWvygK2pr4+XV9Fyh8VGNSAbhh7R:L+EWubBroRT6rthtGEUfR

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks