General

  • Target

    5aa0f6fe71bfa5d534e6b0c54181aed1

  • Size

    399KB

  • Sample

    240114-h7zkfaebfn

  • MD5

    5aa0f6fe71bfa5d534e6b0c54181aed1

  • SHA1

    fe113ced2df6f9b01c617a039a6e040f7e935dac

  • SHA256

    540696411a1e0440408c5372571ad0ff5e67230d62cbd8533b6338e03b85cf79

  • SHA512

    f7d110169e74ca8ce09aa67fd1b56567f1d42fdcebe822c4d608dde7300e441db68e6b51213d49a5c40d006ef20db4ff74689c33f37814d2267a3689f6e878b6

  • SSDEEP

    6144:lJCUD10/h1zbK9j32mBgwlsSJHY5yF9Ml1dXsbe9VKNTsJRJggT:5qEFXlLHY5M6sbe9VKN8RJfT

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @a0867183086d949f0c153b3bbcf46510

  • C2

    95.215.207.185:64399

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks