General

  • Target

    build.exe

  • Size

    95KB

  • Sample

    240427-ydkr7afd4x

  • MD5

    0c1a6e4b3c77da7e5ffb3e92766737fe

  • SHA1

    e354d7322452a91b6ddd5cc158e4bae85aab7d2a

  • SHA256

    a554822e2d1e34d174f9a7ee68e96cf0f2751509748c26ef3f21ab8f7deddaa9

  • SHA512

    4fa2bfa44f45c0fd24e1aeb15ac1749441cd2fc070a35f39e3cf1ae58aa6981aa0c5f6de65c25f4d5d1f8d2a9da7c5a8569eccfdb169599e4a07790b60c6231c

  • SSDEEP

    1536:Vqsm5qeUlbG6jejoigI843Ywzi0Zb78ivombfexv0ujXyyed2StmulgS6pA:TKlMY8+zi0ZbYe1g0ujyzdGA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    test1

  • C2

    ii-restored.gl.at.ply.gg:43416

Targets

    • Target

      build.exe

    • Size

      95KB

    • MD5

      0c1a6e4b3c77da7e5ffb3e92766737fe

    • SHA1

      e354d7322452a91b6ddd5cc158e4bae85aab7d2a

    • SHA256

      a554822e2d1e34d174f9a7ee68e96cf0f2751509748c26ef3f21ab8f7deddaa9

    • SHA512

      4fa2bfa44f45c0fd24e1aeb15ac1749441cd2fc070a35f39e3cf1ae58aa6981aa0c5f6de65c25f4d5d1f8d2a9da7c5a8569eccfdb169599e4a07790b60c6231c

    • SSDEEP

      1536:Vqsm5qeUlbG6jejoigI843Ywzi0Zb78ivombfexv0ujXyyed2StmulgS6pA:TKlMY8+zi0ZbYe1g0ujyzdGA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks