General

  • Target

    56f43b7aadd2ecb4dd9e5b29e155879c

  • Size

    1.4MB

  • Sample

    240112-tz97raccf8

  • MD5

    56f43b7aadd2ecb4dd9e5b29e155879c

  • SHA1

    dbb31825f23738a271a8c15743aa6db8cca47665

  • SHA256

    503adcbbdd31b1398aa676a524163a5f4fc342b2722da40c20a422fcd926d345

  • SHA512

    0210a7f1917e541ff5d48f277810532f0515e376d291b8f1e0848eff740b8a770e965333d005b9646c794edceb6154b0bd5c1f6618522b238ec621af4e53e3e8

  • SSDEEP

    24576:e00F8WjlFjzkp7D8056p+R2SDrT3RRimyrRWBGFGI0EqduKU0Y6xtxrukomfk6P0:exF8WjlFjzkp7D8051533r4GGgIFqduN

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Fonti

  • C2

    87.251.71.78:80

Targets

    • Target

      56f43b7aadd2ecb4dd9e5b29e155879c

    • Size

      1.4MB

    • MD5

      56f43b7aadd2ecb4dd9e5b29e155879c

    • SHA1

      dbb31825f23738a271a8c15743aa6db8cca47665

    • SHA256

      503adcbbdd31b1398aa676a524163a5f4fc342b2722da40c20a422fcd926d345

    • SHA512

      0210a7f1917e541ff5d48f277810532f0515e376d291b8f1e0848eff740b8a770e965333d005b9646c794edceb6154b0bd5c1f6618522b238ec621af4e53e3e8

    • SSDEEP

      24576:e00F8WjlFjzkp7D8056p+R2SDrT3RRimyrRWBGFGI0EqduKU0Y6xtxrukomfk6P0:exF8WjlFjzkp7D8051533r4GGgIFqduN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks