General

  • Target: 564ad29d7aa1cd34176351f5bcb9a414
  • Size: 2.3MB
  • Sample: 240112-m89h9aegbj
  • MD5: 564ad29d7aa1cd34176351f5bcb9a414
  • SHA1: 9df4d861bef1825723099248690aba433d452d4b
  • SHA256: a273da9b1c6f6c0c15feb74ed55a3c55c8804bcca780213bf3ea488ba756ba76
  • SHA512: f10206f428cd7a70fa5321e3e56703e28c50d5fd94c77217339e2e0a198dfa511495c505423437c5336ee50d35e805d8e2176f6a53e52cc86f90712b0e931633
  • SSDEEP: 49152:i5+hFq649Y4TfWw7c6IC0Nnzf4ZS5eVCmgxiz8lVHTIioOFZQ+E:i5aFeW4jWwIXNcMxiqZ7E

Malware Config

Extracted

  • Family: redline
  • Botnet: @gliabksb
  • C2: 77.220.214.232:13459

Targets


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks