General

  • Target

    5acf104e117a7153e662aaff93bf9445

  • Size

    1.0MB

  • Sample

    240114-kqly5agbe8

  • MD5

    5acf104e117a7153e662aaff93bf9445

  • SHA1

    eaed74b2796c959458626d57efde4c96f05fdfda

  • SHA256

    037b62cbe1d36e02a1232e3a0f627fc895be169fe16f8492a5f6a648120bb255

  • SHA512

    c94f20ee5e9ac201fad63433db80c62790b009a027950ea117987e43791b667bea486de4c26a4d78ecb37b066aa136ae48ef451b0ca165906a029b8b96f3e9ed

  • SSDEEP

    12288:DJfV6aJC6jog1/Q8ISZ07iS/d348yoBoRoDoyooS8kbFL4a8Zj/lmiQpckCz1Mg5:f6aV/Q8BS/d3YK64J5k5jSQpc24Ud8

Malware Config

Extracted

  • Family

    redline

  • C2

    newlife957.duckdns.org:7225

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext
