General

  • Target: 54907df508790354d133e051bacc4716
  • Size: 112KB
  • Sample: 240111-zsltgagebq
  • MD5: 54907df508790354d133e051bacc4716
  • SHA1: f84e960f4a5170943d7bc890df80566b2a46d176
  • SHA256: 13538b5b8bcc7dea403e11d1b9227fcb745c37b32f4c0493706ef0d04076ed2c
  • SHA512: c3c7e6ee0b0e407d9fd3770e57e1c4f9905b8064fe185d16dd2e193c60d0d4cbfef5c94dcc7befa8786b3ea0d0eadc557e2eef0281bb99e1b8c3442713c90690
  • SSDEEP: 3072:W4JFfXmsHbz2EJFbOvIGCnjyjd57YXff5l:Fn32EJd8lOyDU35l

Malware Config

Extracted

  • Family: redline
  • Botnet: @admbx
  • C2: 137.74.76.180:52028

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload