General

  • Target: 5afa4c042d36ce71933b73b8386f2c1f
  • Size: 1.1MB
  • Sample: 240114-ma3caahbg2
  • MD5: 5afa4c042d36ce71933b73b8386f2c1f
  • SHA1: 1551d88396d1aa1defd7b996ae30b44c152bceb7
  • SHA256: 90398efa0eb70a688abafce9e5129f0237771127250e0f4ea12252daef0a1543
  • SHA512: 65cf5884fb4d60fdada268188f3c0c1179b6b610f4bbf7ca0112a9ab6ac2d1d0d440754b918b0dc3ad1b94ab4a9f77c9e669369cdb77e5297cfb4888bdac6453
  • SSDEEP: 24576:c1iXqJXom/9uFsvZgPTuVEDrVot6r3RB1dWrpXSjGElatXeFM:mqmqsxayKDru+3RrKXSSEktOFM

Malware Config

Extracted

  • Family: redline
  • Botnet: @Rafael6666
  • C2: 185.206.215.216:80

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks