General

  • Target

    58302d460f03234df8465cc91b8ea8f5

  • Size

    193KB

  • Sample

    240113-gzaqnsead9

  • MD5

    58302d460f03234df8465cc91b8ea8f5

  • SHA1

    3ffe53e42f7721e4d64bbad00a4e0a78b16393a7

  • SHA256

    74038a3204b7afbe17745a745181860cd5c70e3d1a5c16c9aa0fbfcf8323e480

  • SHA512

    f5da5a9091e3c5dac471472129a1481694d2c46ad031d27b8131376b5e52499e992ca826ddfcdc5d898d6b2a60163316d08425e7c9956e637a0ea06795eca9c4

  • SSDEEP

    3072:EDKW1LgppLRHMY0TBfJvjcTp5XWHEh3B/b5LiIP148H3f:EDKW1Lgbdl0TBBvjc/WHEp/LiIP148P

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Installbot8

  • C2

    jbeaef.ga:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks