General

  • Target

    5c1a26ce4184037e76c891a5e5bbe869

  • Size

    591KB

  • Sample

    240115-esgjjaaag6

  • MD5

    5c1a26ce4184037e76c891a5e5bbe869

  • SHA1

    369ae876f1b17f8f15dd4c220cbe1f9074aa6e19

  • SHA256

    2acd77454df37a149ed7e8c1cea4765dd3ce4453348320a37b027b343edf815a

  • SHA512

    0b825c5caf65e30b38d6fe30633ecefde82df32a1dbed279dbc5ad4c8839b482fd49e4d450ef0e5b73a9446e223ec94a61f706ae659ca0ebb9135b7ce5b3a0e7

  • SSDEEP

    12288:U4AhiYOo7l3nymGDcjbGi8hYHrksQDhVBku5uKBv807v3e:U4oiYOo7ln6DcnGzh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Coca1ne666

  • C2

    95.215.207.87:3058

Targets

    • Target

      5c1a26ce4184037e76c891a5e5bbe869

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
