General

  • Target

    589e206301d060e37e71eeb0aa958ff5

  • Size

    1.1MB

  • Sample

    240113-lt2pesgaek

  • MD5

    589e206301d060e37e71eeb0aa958ff5

  • SHA1

    39427e0a53c6250c28be93ce7ad1d45ff0c83d37

  • SHA256

    442f73c103785c32c0ccccff31ef1825bac78564548290a3e45308476cba4dd1

  • SHA512

    2c391a55186bfaa7a18fbdac44d564f0e5c02bd89e3a5cedff9e8427e0e1a3ba21bd147b81b1c56a19280c4f01a6747130fc0ed668bdc601723417b0d8dbc459

  • SSDEEP

    24576:1+rQaOizhRUzq/S9xmcSp8qSmmz4lRmrua3KfFrSb31:OnEq/YxS2Z+lRmrua7L1

Malware Config

  • Extracted

  • Family

    redline

  • Botnet

    @l_Like_a_Sir_l

  • C2

    45.12.212.178:35752

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks