General

  • Target

    5413cf86f345eb88ebf8f8cb0ed602d1.exe

  • Size

    351KB

  • Sample

    240111-y1ppnagdd2

  • MD5

    5413cf86f345eb88ebf8f8cb0ed602d1

  • SHA1

    5c8b492d13ad6a58f75189d08b4f631670f05157

  • SHA256

    e454e7bb1ee2580c853cd3ade1a08905683412ffec054097c674190a69fc277b

  • SHA512

    972e92700cac6deebd3a7050b5b11095ba8c4a54c07742dd23029f61a64039baee78d21c53e61560959b4e61034ccc2f239033868fc25629fc739b921abd302b

  • SSDEEP

    6144:haIgsPIvmVYSTEMt6ZeaeTgey3aB3t84AOX+9mboxmF+6fPNv8FkTRXChlr:hxcmVTTEMt6ZheT+AV+96fPNv8FkTRor

Malware Config

Extracted

Family

redline

Botnet

@vercetty

C2

45.133.217.148:65255

Targets

    • Target

      5413cf86f345eb88ebf8f8cb0ed602d1.exe

    • Size

      351KB

    • MD5

      5413cf86f345eb88ebf8f8cb0ed602d1

    • SHA1

      5c8b492d13ad6a58f75189d08b4f631670f05157

    • SHA256

      e454e7bb1ee2580c853cd3ade1a08905683412ffec054097c674190a69fc277b

    • SHA512

      972e92700cac6deebd3a7050b5b11095ba8c4a54c07742dd23029f61a64039baee78d21c53e61560959b4e61034ccc2f239033868fc25629fc739b921abd302b

    • SSDEEP

      6144:haIgsPIvmVYSTEMt6ZeaeTgey3aB3t84AOX+9mboxmF+6fPNv8FkTRXChlr:hxcmVTTEMt6ZheT+AV+96fPNv8FkTRor

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks