General

  • Target

    54cecee0868e914e207f565c5076917e

  • Size

    326KB

  • Sample

    240111-2v69asahb2

  • MD5

    54cecee0868e914e207f565c5076917e

  • SHA1

    88e481a9db5ca7e8dcef65087e2a571e0bc57620

  • SHA256

    57e38cc351f85af87c03a147e900f3c87b3da52e1d223605de5437453917c2e2

  • SHA512

    7712c66beee84db39500cea0da89c613052c5637b2db1664f12c01dae7a2292f79361da244d077d0bd5547d27652dd2c675d37d6e3d335890650a868fd4650cd

  • SSDEEP

    6144:8wg2rVMFxY2y5HwsA+bTRfLdWpfwMKQWZzU:BriTY2/6TRfQ1wMKn

Malware Config

Extracted

Family

redline

Botnet

diamonlox

C2

45.67.231.50:59578

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
