General

  • Target

    5aca77ba128b5cce7b993c77e663c25e

  • Size

    478KB

  • Sample

    240114-kjzlmsgaf6

  • MD5

    5aca77ba128b5cce7b993c77e663c25e

  • SHA1

    51921ffaa2c3d5ac58e93f15c60cfc6d981ff05c

  • SHA256

    2e8e59eb04b473054402a130152a2e666f57cd07c6a7116edf4a4ea5ec20b271

  • SHA512

    a586f6409821b965d3aaf26578cf8dbccb9ad938aac1807561961c7be74766c3cca8571a2aeca3c74eec53fdc3ac7aa5a8c1b48ba2d47179df7210ce83f409d3

  • SSDEEP

    12288:bM4EC8EqakgEb3rfmxEk+e23OvY7Caok1Hnv:Ru

Malware Config

Extracted

Family

redline

Botnet

230721

C2

cookiebrokrash.info:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
