General

  • Target

    5b8ed6a7bb56fe0a482033b9a7a867cd

  • Size

    119KB

  • Sample

    240114-w7z3vscehl

  • MD5

    5b8ed6a7bb56fe0a482033b9a7a867cd

  • SHA1

    9ba90cb15c9559b4d53beb7c9ee37944d0ddcfe0

  • SHA256

    bd8e7b51bd1f05d761e2bfaccfb7b3ec87ac8cee1947ce3bd9c7687b495d861a

  • SHA512

    26e20b05b79374914f68e7426acef638ee783b59b98fc78c275a90d3b0253283c0d53dc5cab512db5bf277156a70eeed7ea0996f89f348bc77825dedc0860c74

  • SSDEEP

    3072:qhgQ0KKmY9mYZpxIqA+WAmJzCO6OUKowomlG6/13:qhgQ0KKPmY/WqA+WhzCydG69

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @usernameP1P

  • C2

    45.14.12.90:52072

Targets

    • Target

      5b8ed6a7bb56fe0a482033b9a7a867cd

    • Size

      119KB

    • MD5

      5b8ed6a7bb56fe0a482033b9a7a867cd

    • SHA1

      9ba90cb15c9559b4d53beb7c9ee37944d0ddcfe0

    • SHA256

      bd8e7b51bd1f05d761e2bfaccfb7b3ec87ac8cee1947ce3bd9c7687b495d861a

    • SHA512

      26e20b05b79374914f68e7426acef638ee783b59b98fc78c275a90d3b0253283c0d53dc5cab512db5bf277156a70eeed7ea0996f89f348bc77825dedc0860c74

    • SSDEEP

      3072:qhgQ0KKmY9mYZpxIqA+WAmJzCO6OUKowomlG6/13:qhgQ0KKPmY/WqA+WhzCydG69

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks