General

  • Target: 565c34eb58a9bfa804051d438e1381b3
  • Size: 326KB
  • Sample: 240112-ns449sfhh2
  • MD5: 565c34eb58a9bfa804051d438e1381b3
  • SHA1: 28be2c036f66e91e94445fd3b88ee7ddfceb2d29
  • SHA256: 954d96a3f487a2c1fc0f05f8a122644ebbfa5cd65d2a98e5f93e0327d4066b89
  • SHA512: 599f55b02ea4b65bd1f9b33665634d71908fb2a852d6def2c1fd13363753cbc0d899fc1b22b5cb5956d5784e5cb65d0a6944deab98526c175ff89376fd9b4668
  • SSDEEP: 6144:XpKCErsVtHyZANR8YdU/1bbJwYKBhnDauR0F4W:XpKCVHyZQRFKjKrnDh

Malware Config

Extracted

  • Family: redline
  • Botnet: new#3
  • C2: 185.215.113.41:21254

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
