General

  • Target

    56203d10acb3cf9fcb6aa558da80baa0

  • Size

    645KB

  • Sample

    240112-ltgz1sedf8

  • MD5

    56203d10acb3cf9fcb6aa558da80baa0

  • SHA1

    e6c3f65354331934a7fa97f73f27c43f9315169e

  • SHA256

    477dadb0b5ba2a88ae80d03b9c35a644baca79056f9f71876a043d9d5faf5654

  • SHA512

    5c450982e01123bfa7a96d579c73b0cd4e07f96bbdbfeaa2526f2bf731492cb065b989318f5591c75264669364d508e890e641cc772c306ee1e7f87d926ae024

  • SSDEEP

    6144:YvlT/McAK0o+mjgQrsSCC2gAg+caotTY9/jMxej1K5ULqUuW+gTY1muAirbd:YvlT/Mcjj

Malware Config

Extracted

Family

redline

Botnet

4

C2

talueratas.xyz:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
