General

  • Target

    571ec37bbc0a7b94c3a3829ee47e5bad

  • Size

    216KB

  • Sample

    240112-whfmxscghl

  • MD5

    571ec37bbc0a7b94c3a3829ee47e5bad

  • SHA1

    ef44ce30e13c73e4b07e3067b1e2107fe8948d8b

  • SHA256

    459a684a6e6299ffbd967855a504ff2311cba4a8eccae192b1f4146cc3bf7382

  • SHA512

    6a9d95f3d47f1e2ef45db236efbb8bc265fdfb9979163c6e7d2f51fb204be4930fe06b1ba63047482b7c9f34d7cb72106178484fead7f332abea22d733aa84b6

  • SSDEEP

    3072:ktHnC1FHiLW9Oxi8uFbNUaBAICgV04WEyF5uXa0ToO/wumRE6Q14vmOw38a9Mm:kkmLBxczCmJyTu3p9OQ1qoYm

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Cryptex0816

  • C2

    185.92.73.140:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
