General

  • Target

    574e65a93cc5b01b3631e89071832315

  • Size

    1.3MB

  • Sample

    240112-x5hw8segb8

  • MD5

    574e65a93cc5b01b3631e89071832315

  • SHA1

    d27967461025d9d3629fec2cf6a29cca3920ad66

  • SHA256

    25e30effa19d7ac435e31a126a0ff3b36728a80d5ba2cc3ef89961cc5b46ed02

  • SHA512

    4d4e653caec2eac763f156e39effb91f501808735c54b2b3571e734d9b41a88827776f0981210b9528b6c1f9bc6072731310a5e543e027dfc6d8dfba97fb0f71

  • SSDEEP

    6144:/n8hUfR1Gd0mECgb/lOfQk06yZLZywo51WSG:UhsR1Gd0mEXb/YfQk06yZLZywo51Wz

Malware Config

Extracted

Family

redline

Botnet

@ebooLZT_1

C2

ierinapu.xyz:80
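
The hashes and the extracted configuration above are the actionable part of this report. The Python below is an added example, not part of the sandbox output: it loads the reported IOCs, hashes a candidate file and reports which digests match, splits the C2 string into host and port, and runs a host match over proxy/DNS log lines. The log lines and the `LOGS` list are constructed for illustration; the IOC values are the ones listed on this page.

```python
import hashlib
import re
import sys

# IOCs as listed in this report (sample hashes, RedLine botnet ID, C2 host:port).
REPORTED = {
    "md5": "574e65a93cc5b01b3631e89071832315",
    "sha1": "d27967461025d9d3629fec2cf6a29cca3920ad66",
    "sha256": "25e30effa19d7ac435e31a126a0ff3b36728a80d5ba2cc3ef89961cc5b46ed02",
    "sha512": "4d4e653caec2eac763f156e39effb91f501808735c54b2b3571e734d9b41a888"
              "27776f0981210b9528b6c1f9bc6072731310a5e543e027dfc6d8dfba97fb0f71",
    "botnet": "@ebooLZT_1",
    "c2": "ierinapu.xyz:80",
}

HASH_ALGS = ("md5", "sha1", "sha256", "sha512")

# Constructed log lines (not from the report) to exercise the C2 matcher.
LOGS = [
    "2024-01-12T10:31:07Z DNS query A ierinapu.xyz from 10.0.0.15",
    "2024-01-12T10:31:08Z PROXY 10.0.0.15 -> ierinapu.xyz:80 POST / 200",
    "2024-01-12T10:32:00Z DNS query A update.microsoft.com from 10.0.0.15",
    "2024-01-12T10:32:10Z PROXY 10.0.0.22 -> notierinapu.xyz:80 GET / 200",
]


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of data for every algorithm in HASH_ALGS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_ALGS}


def match_hashes(data: bytes, reported: dict = REPORTED) -> list:
    """Return the algorithms whose digest of data equals the reported value.

    An unmodified copy of the sample matches all four; a repacked or
    patched build matches none, which is why ssdeep is listed separately.
    """
    digests = hash_bytes(data)
    return sorted(alg for alg in HASH_ALGS
                  if digests[alg] == reported.get(alg, "").lower())


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' C2 string into (host, port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def find_c2_hits(log_lines, c2: str = REPORTED["c2"]) -> list:
    """Return log lines that reference the C2 host as a whole label.

    The look-around guards reject longer names such as notierinapu.xyz
    while still matching subdomains of the C2 host.
    """
    host, _port = parse_c2(c2)
    pattern = re.compile(r"(?<![A-Za-z0-9-])" + re.escape(host) + r"(?![A-Za-z0-9-])",
                         re.IGNORECASE)
    return [line for line in log_lines if pattern.search(line)]


if __name__ == "__main__":
    # Usage: python triage.py <file>  (hash a local file against the report)
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            print("matching digests:", match_hashes(fh.read()))
    print("C2:", parse_c2(REPORTED["c2"]))
    for hit in find_c2_hits(LOGS):
        print("C2 hit:", hit)
```

Keep the hash check and the network match separate: the hashes pin this exact binary, while the C2 host and the botnet tag survive repacking and are the indicators worth pushing to DNS and proxy blocklists.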

Targets

    • Target

      574e65a93cc5b01b3631e89071832315

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state (including the instruction pointer) of a thread in another process. Legitimate software rarely needs it; in malware it is typically paired with a process created in a suspended state and WriteProcessMemory to redirect that process into an injected payload (process hollowing).

MITRE ATT&CK Matrix

Tasks