General

  • Target

    59399529325fbd4c34a031efe298277b

  • Size

    351KB

  • Sample

    240113-vcwlhsdeh8

  • MD5

    59399529325fbd4c34a031efe298277b

  • SHA1

    861997ddb05e50afdc899c8aae4ea958852b4def

  • SHA256

    a7dd08771e0b61f4adc9071bf6de08518be1b7260e631aac85eebf02dc28be3a

  • SHA512

    6c1a5ac2d97ee7fc5339a47914ea5fe5d57caf7d786ff50eee3149068a2cf7928c1df46ad0cc803b98470c6601ca27cbf6d9daf41d5737b9bd54f3b50673390a

  • SSDEEP

    6144:NaIgsPIvmVYSTEMt6ZeaeTgey3aB3t84AOX+9kzoYvFdaY+3Nv5tvo96RXCBlr:NxcmVTTEMt6ZheT+AVsWan3Nv5tg96RG

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @armiaboy

  • C2

    45.133.217.148:65255

Targets

    • Target

      59399529325fbd4c34a031efe298277b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks