General

  • Target

    56a2f136dabb15f592ee2cea513b162f

  • Size

    1.3MB

  • Sample

    240112-q65ztshbfn

  • MD5

    56a2f136dabb15f592ee2cea513b162f

  • SHA1

    d4a78045bf565e136ff82c631656d5da10f018a5

  • SHA256

    3e80779dd8960bf927d348f5e2d2068c9a86d4a194f4f24d02e84681d999b730

  • SHA512

    f9bad086e8f4df6c25c9cd85a48d696753fc17eff76115ffebd1df9cfa04d47714b6896fd40bef697c3b66674fcf4895ed51da15fb4ae30a748cc04dd4eda624

  • SSDEEP

    24576:q1VMNjHBMnKPCNys/5YgBu60Ehj+LNs8s89D19nu3:qEhHNPC/igUdEhjEs8Z9nE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @aran_welaso20

  • C2

    45.82.176.76:43679

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Downloads MZ/PE file

MITRE ATT&CK Matrix

Tasks