General

  • Target: 5580b8c29e728a0271358a2e6f328fd6
  • Size: 2.3MB
  • Sample: 240112-e7ctwsfeg3
  • MD5: 5580b8c29e728a0271358a2e6f328fd6
  • SHA1: 1a82a6b4a79e7f5087a6be8576a08a8c0ff12a23
  • SHA256: fa898cf5f88a1ccf1ca913e165a27668bd665c73d66ddd9e602d3fbf2bc4896c
  • SHA512: 896e159aff59a47d4e3f1bdf715c3eb7e752ff5250fed13610f19a230d2b1fdbd097e33d5cb621e9e2cc1ea1ffb0a5ba31d40110952d67cc63fb71e033c007cd
  • SSDEEP: 49152:B5+hFSduGrqR3tbhG1+MQAQcOSxxFq2wH/8U2myHTmPxiz8lVHTIioOFZQ+f:B5aFxRR4UgQI4fCmyzyxiqZ7f

Malware Config

Extracted

  • Family: redline
  • Botnet: @kiirek
  • C2: xetadycami.xyz:80

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks