General

  • Target

    575cddd17ff8d7127e66797e14b82213

  • Size

    2.0MB

  • Sample

    240112-ymx4wafba5

  • MD5

    575cddd17ff8d7127e66797e14b82213

  • SHA1

    3a4524d531ad39fbebef2f8c5973aee350c79332

  • SHA256

    8b57e63ca7ed0ec0c3c152ed8ff71fa6156664008df4e3f75a4cf56db2c44f41

  • SHA512

    f674532cd7fa31f00f267c3c866ff0c1359aa0e3c18860db587263bdf4051408f98df500909c77badcc97998554092e9dae907fffd75fd912452af531c106938

  • SSDEEP

    49152:SC82pr6Xm2TEalaSOO6mhSq0eVkLPxHUONG5hWY3KF:SCz6DEalaS96k0MkjbEGM

Malware Config

Extracted

Family

redline

Botnet

Ixori228

C2

185.172.129.61:52372

Targets

    • Target

      575cddd17ff8d7127e66797e14b82213

    • Size

      2.0MB

    • MD5

      575cddd17ff8d7127e66797e14b82213

    • SHA1

      3a4524d531ad39fbebef2f8c5973aee350c79332

    • SHA256

      8b57e63ca7ed0ec0c3c152ed8ff71fa6156664008df4e3f75a4cf56db2c44f41

    • SHA512

      f674532cd7fa31f00f267c3c866ff0c1359aa0e3c18860db587263bdf4051408f98df500909c77badcc97998554092e9dae907fffd75fd912452af531c106938

    • SSDEEP

      49152:SC82pr6Xm2TEalaSOO6mhSq0eVkLPxHUONG5hWY3KF:SCz6DEalaS96k0MkjbEGM

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks