General

  • Target

    56075409db8412dc5605d8c7907d4fa8

  • Size

    1.4MB

  • Sample

    240112-kw28asdge5

  • MD5

    56075409db8412dc5605d8c7907d4fa8

  • SHA1

    9dccb40ff857fce4fc19d76fa77db146d0f7fe9f

  • SHA256

    7703f5d04c7edc09c519324c1bda1eb3bb909e06c6830c5f8aa77174c37c31fa

  • SHA512

    5a962017e80e85dfb70a1f9d9c4eb4c4bc871e9f2233db81cd411f3a66725e215c80b4c5a90237fb46eca733d6f7e9b9d65e861bfdc96d88ef5b620a56e64136

  • SSDEEP

    24576:uHONivAtPbO+7BeG5rmkhygrWvWEirqNxXgpt9AMT5sNg:lMk1rDQgFEir7AMI

Malware Config

Extracted

Family

redline

Botnet

0606

C2

renewalst.xyz:3874

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
