General

  • Target

    57cbb7d00cb27f844a3b794703617734

  • Size

    587KB

  • Sample

    240113-dd219aagbn

  • MD5

    57cbb7d00cb27f844a3b794703617734

  • SHA1

    636e852e6b75ecddca3cc8de5aecb088ab9328b0

  • SHA256

    a3dcc6671290b07cb0b9f3fb57b347043d0e295628de1f378883114146842d4e

  • SHA512

    bc254a63dbb01d633ccafd12f35a1ee69fd22d08cfa326b07a6a491535a5d4382e117db1e1b3746a31ccdf0700afbe9c9b9e24f2a015704d8c5ab4ec7592c06b

  • SSDEEP

    12288:bkjhC163C5eA1GorPwwBwEdLFdP/p6LKVHbO/UqV:zwE13p

Malware Config

Extracted

  • Family

    redline

  • Botnet

    installzo

  • C2

    185.186.142.245:1778

Targets

    • Target

      57cbb7d00cb27f844a3b794703617734

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread that belongs to another process is a common step in process hollowing and related injection techniques: the thread's saved register state is rewritten so that, once resumed, execution continues in code the malware has written into the target process rather than at the original entry point.
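
The hashes and C2 address in this report are the indicators a responder would take to the fleet. The following is an added example, not part of the sandbox report: it computes the same four digests of a file in a single pass, compares them with the report's values, parses the extracted C2 into host and port, and flags netstat-style lines whose remote endpoint is that C2. The netstat lines embedded in the block are constructed for illustration and are not observations from the analysis.

```python
"""Hunt helper built from the indicators in the sandbox report above.

Added example, not part of the report: hashes a file with the four
algorithms listed on the page, matches the result against the report's
digests, and flags connections to the extracted C2.
"""
import hashlib
import ipaddress
import sys
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "57cbb7d00cb27f844a3b794703617734",
    "sha1": "636e852e6b75ecddca3cc8de5aecb088ab9328b0",
    "sha256": "a3dcc6671290b07cb0b9f3fb57b347043d0e295628de1f378883114146842d4e",
    "sha512": "bc254a63dbb01d633ccafd12f35a1ee69fd22d08cfa326b07a6a491535a5d43"
              "82e117db1e1b3746a31ccdf0700afbe9c9b9e24f2a015704d8c5ab4ec7592c06b",
}
REPORT_C2 = "185.186.142.245:1778"

# Constructed netstat-style output (not real data). Only the first line
# is a true hit; the third is the same IP on a different port.
SAMPLE_NETSTAT = [
    "TCP    10.0.0.5:49812     185.186.142.245:1778   ESTABLISHED   4120",
    "TCP    10.0.0.5:49813     93.184.216.34:443      ESTABLISHED   1980",
    "TCP    10.0.0.5:49814     185.186.142.245:443    TIME_WAIT     0",
]


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four digests in one pass over the data."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def matching_hashes(observed: Dict[str, str],
                    expected: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of the algorithms whose digest equals the report's value.

    A real hit matches all four; a partial match points to a copy error
    in an indicator list rather than to a different file."""
    return sorted(name for name, want in expected.items()
                  if observed.get(name, "").lower() == want.lower())


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split an 'ip:port' string (IPv4 form, as on this page) and validate
    both parts; raises ValueError on anything malformed."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ipaddress.ip_address(host)          # rejects hostnames and garbage
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port


def flag_connections(lines: Iterable[str], c2: str = REPORT_C2) -> List[str]:
    """Return the netstat-style lines whose remote endpoint is the C2.

    Matching the whole 'ip:port' token, not a substring, avoids hitting
    the same IP on another port or a longer address that merely contains
    this one as a prefix."""
    host, port = parse_c2(c2)
    needle = f"{host}:{port}"
    return [line.strip() for line in lines if needle in line.split()]


if __name__ == "__main__":
    for path in sys.argv[1:]:
        hits = matching_hashes(hash_file(path))
        print(f"{path}: {'HIT ' + ','.join(hits) if hits else 'no match'}")
    for line in flag_connections(SAMPLE_NETSTAT):
        print("C2 connection:", line)
```

Run it with one or more file paths to check them against the report's digests; the constructed netstat lines are scanned regardless, to show the token-exact match on the C2 endpoint. SSDEEP is deliberately left out: it needs a third-party library, and a fuzzy-hash comparison is a similarity score rather than an exact match, so it belongs in a separate triage step.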
