General

  • Target

    57d0d960e4b7a4d91ba76ed63733f651

  • Size

    594KB

  • Sample

    240113-dlalzabeg8

  • MD5

    57d0d960e4b7a4d91ba76ed63733f651

  • SHA1

    4b2beaabb4db2d61b0e38be8fe7554a7cb07f273

  • SHA256

    4ef7c382cc0efa37b7d009d78ae2e4cb023be523ba22d5f4b90a858123ea1be0

  • SHA512

    b24e65205839111f7ba0aa1a58bb7b56c334961cbe3288fc36bcff92b96576e096c302cc8c1c9060a2c40c041c3b548af131126008437c28678758796e7de38e

  • SSDEEP

    12288:rU9zXTkRC7igcqkAWt4A457juR2u1BIZ1FlAMe15:rKXnFe5

Malware Config

Extracted

  • Family

    redline

  • Botnet

    EU3

  • C2

    185.234.247.197:33071

Targets

    • Target

      57d0d960e4b7a4d91ba76ed63733f651

    • Size

      594KB

    • MD5

      57d0d960e4b7a4d91ba76ed63733f651

    • SHA1

      4b2beaabb4db2d61b0e38be8fe7554a7cb07f273

    • SHA256

      4ef7c382cc0efa37b7d009d78ae2e4cb023be523ba22d5f4b90a858123ea1be0

    • SHA512

      b24e65205839111f7ba0aa1a58bb7b56c334961cbe3288fc36bcff92b96576e096c302cc8c1c9060a2c40c041c3b548af131126008437c28678758796e7de38e

    • SSDEEP

      12288:rU9zXTkRC7igcqkAWt4A457juR2u1BIZ1FlAMe15:rKXnFe5

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks