General

  • Target

    55044feb517be9b647bf83c35afda391

  • Size

    1.1MB

  • Sample

    240112-a1bwssbeam

  • MD5

    55044feb517be9b647bf83c35afda391

  • SHA1

    8270ffe6b893f3ca7bb7d8446d860af20202c956

  • SHA256

    f5a8f77aec04ee7081cae44754a022a166d45dd9ed4eb9015c59b018311fdbdc

  • SHA512

    58ab4b4fcf34dd0979fb59a414ea79cae7e195742c10a6c98f7608d11b47e49d25669e848005b9cf4ac44300ac2fb8878b3fd8827846272c3674299792b9d9e2

  • SSDEEP

    24576:qa8JNz0HcQoVbCDJnuKd0ZiaHpMprzP422zjx/e4jnFir:58J8cQC+NuKS0OpMe22p/bhir

Malware Config

Extracted

Family

redline

Botnet

pak_1111

C2

185.23.108.82:20793

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks