General

  • Target

    e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963

  • Size

    1.1MB

  • Sample

    240707-fg975stgrq

  • MD5

    661b490ece39543114d5dd156b6a96f8

  • SHA1

    36c124a39300b7ff411d963637431c0c7baa4915

  • SHA256

    e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963

  • SHA512

    496ab96263145428849eed54cd2d9402b2ed1e1e983824f357f45cc3e1df6b447f8d8f6a8cbd168b3a67cb850aef27368542cb6343541796c2cecdc53f309f18

  • SSDEEP

    12288:jIlFI5IrYmHzd17Gg0F86zdlDCQjijwzZjlW1wBwPWAY:jKxrYmTryh7DCwij2NlWOBw+AY

Malware Config

Extracted

Family

redline

Botnet

halle

C2

194.55.186.180:55123
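The extracted config above is directly usable as indicators of compromise. The following is an added example (not part of the Triage report and not RedLine's own code) that turns the report's hashes and C2 address into a small sweep: it scans firewall-style connection logs for traffic to the C2 host and hashes a file with every algorithm the report lists. The log format and the log lines are constructed for the example; only the indicator values come from the report.

```python
"""IOC sweep for the RedLine sample in this report (added example).

Indicator values are taken from the report's hash fields and Malware Config.
The log lines and their format are constructed for the example and are not
sandbox output.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Indicators lifted from the report.
C2_HOST = "194.55.186.180"
C2_PORT = 55123
SAMPLE_HASHES = {
    "md5": "661b490ece39543114d5dd156b6a96f8",
    "sha1": "36c124a39300b7ff411d963637431c0c7baa4915",
    "sha256": "e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963",
}

# Constructed firewall-style log (assumed format: "<ts> <src> <dst>:<port> <action>").
SAMPLE_LOG = """\
2024-07-07T10:01:02Z 10.0.0.15 194.55.186.180:55123 ALLOW
2024-07-07T10:01:09Z 10.0.0.15 142.250.74.46:443 ALLOW
2024-07-07T10:02:30Z 10.0.0.22 194.55.186.180:443 ALLOW
2024-07-07T10:03:11Z 10.0.0.15 194.55.186.180:55123 DENY
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<action>\w+)$"
)


@dataclass(frozen=True)
class C2Hit:
    ts: str
    src: str
    action: str
    exact_port: bool  # True when the destination port also matches the config


def find_c2_hits(log_text: str) -> list[C2Hit]:
    """Return every connection to the C2 address.

    A port mismatch is still reported (the operator may have moved the
    listener), and DENY lines count: the host tried to beacon.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        if ipaddress.ip_address(m["dst"]) == ipaddress.ip_address(C2_HOST):
            hits.append(C2Hit(m["ts"], m["src"], m["action"], int(m["port"]) == C2_PORT))
    return hits


def infected_hosts(log_text: str) -> set[str]:
    """Source addresses that contacted the C2 at all."""
    return {h.src for h in find_c2_hits(log_text)}


def match_sample(data: bytes) -> dict[str, bool]:
    """Hash a file's bytes with each algorithm the report lists and compare."""
    return {
        name: getattr(hashlib, name)(data).hexdigest() == digest
        for name, digest in SAMPLE_HASHES.items()
    }


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    print("hosts to isolate:", sorted(infected_hosts(SAMPLE_LOG)))
```

The C2 match is done on the address alone and the port is reported separately, so a listener moved to another port is not silently missed; the hash check is exact and is only useful for this specific file, which is why the network indicator is the more durable of the two.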

Targets

    • Target

      e5e068221c86201cef673bfb25b68785d599fccb75e59970edeff9a2b3ab7963

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
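The last signature fires on a cross-process SetThreadContext call, the step in process hollowing where a loader repoints the main thread of a suspended child at an injected image before resuming it. The following is an added example (not Triage's detection logic or schema) showing how such a signature can be scored from an API trace: calls are grouped by caller and target process, a same-process context change is ignored, and the surrounding steps of the hollowing chain raise the severity. The event format and the trace are constructed for the example.

```python
"""Detection logic for a "Suspicious use of SetThreadContext" signature (added example).

The event representation and the trace below are constructed for the example;
they are not Triage's schema or output. Severity is a heuristic chosen here:
a cross-process SetThreadContext alone is suspicious, the full suspended-
create / unmap / write / set-context / resume chain is process hollowing.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess


@dataclass
class ApiCall:
    pid: int            # calling process
    api: str
    args: dict = field(default_factory=dict)


@dataclass
class Finding:
    pid: int
    target_pid: int
    steps: list[str]
    severity: str


# Constructed trace: a loader spawns a suspended child, replaces its image and
# repoints the main thread with SetThreadContext before resuming it.
SAMPLE_TRACE = [
    ApiCall(4412, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe",
                                     "flags": CREATE_SUSPENDED, "child_pid": 4420, "tid": 4424}),
    ApiCall(4412, "NtUnmapViewOfSection", {"target_pid": 4420}),
    ApiCall(4412, "VirtualAllocEx", {"target_pid": 4420, "protect": 0x40}),
    ApiCall(4412, "WriteProcessMemory", {"target_pid": 4420, "size": 0x2A000}),
    ApiCall(4412, "SetThreadContext", {"target_pid": 4420, "tid": 4424}),
    ApiCall(4412, "ResumeThread", {"target_pid": 4420, "tid": 4424}),
    # A process touching its own thread context (debuggers, exception handling) is noise.
    ApiCall(5100, "GetThreadContext", {"target_pid": 5100, "tid": 5104}),
    ApiCall(5100, "SetThreadContext", {"target_pid": 5100, "tid": 5104}),
]


def detect_thread_hijack(trace: list[ApiCall]) -> list[Finding]:
    """Flag cross-process SetThreadContext and score the hollowing chain around it."""
    by_pair: dict[tuple[int, int], list[ApiCall]] = {}
    for call in trace:
        target = call.args.get("target_pid", call.args.get("child_pid"))
        if target is None:
            continue
        # Group by (caller, target) so unrelated processes never merge.
        by_pair.setdefault((call.pid, target), []).append(call)

    findings = []
    for (pid, target), calls in by_pair.items():
        if pid == target:
            continue  # own process: not injection
        apis = [c.api for c in calls]
        if "SetThreadContext" not in apis:
            continue
        steps = []
        if any(c.api.startswith("CreateProcess") and c.args.get("flags", 0) & CREATE_SUSPENDED
               for c in calls):
            steps.append("suspended child")
        if "NtUnmapViewOfSection" in apis:
            steps.append("image unmapped")
        if "WriteProcessMemory" in apis:
            steps.append("remote write")
        steps.append("SetThreadContext")
        if "ResumeThread" in apis and apis.index("ResumeThread") > apis.index("SetThreadContext"):
            steps.append("resumed after context change")
        severity = "high" if len(steps) >= 4 else "medium"
        findings.append(Finding(pid, target, steps, severity))
    return findings


if __name__ == "__main__":
    for f in detect_thread_hijack(SAMPLE_TRACE):
        print(f"pid {f.pid} -> {f.target_pid}: {f.severity}: {', '.join(f.steps)}")
```

Keying on the caller/target pair rather than on the API name alone is what keeps the same-process case out of the results; a rule that simply matched the string SetThreadContext would fire on every debugger and exception handler on the host.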
