General

  • Target

    notorr.zip

  • Size

    552KB

  • Sample

    240708-kdflksshmd

  • MD5

    8af5f2d545b6a178a36a278d09c88441

  • SHA1

    60cec2dac90491d067c1495748ee9db83c5a5423

  • SHA256

    0abf020d43ae848495fe586a97df3d1efece4ad9ccbbbe33dba8566db514ec96

  • SHA512

    86fbb1751386ce3eec4ebfb0db5469a152d8cf2cb0be04f17e5ca46697d141f7011cfb9a460e8ef68e7bdf74cd97b7be893bfe8fe4aa91dec593aad055122519

  • SSDEEP

    12288:BphBfG+wahFoNC6p1mRbaXyJL/PU4YDtcRw64ABCiMqN6GBy+O:vWC6p1NSjU7/a5bNlO

Malware Config

Extracted

Family

redline

Botnet

french

C2

91.92.243.245:47477

Targets

    • Target

      b539acc51a48e2088f90ab0a82f60f38a784105712ef57542e8e1552a1c6aaad

    • Size

      1.0MB

    • MD5

      0a136df16d906821f105096987d43e11

    • SHA1

      5b4478cabb9e3d2673643235aa1980df5b2ea671

    • SHA256

      b539acc51a48e2088f90ab0a82f60f38a784105712ef57542e8e1552a1c6aaad

    • SHA512

      2f6b8014be9e4d2fc858fcf0b66690e3a6bc4dbd25ae7c52bd69c732dafa432b86ea6ffd45304d1fa9b58b8e6ee73ff6021a47b6158d0ea061f47c5590e812de

    • SSDEEP

      24576:AAHnh+eWsN3skA4RV1Hom2KXMmHa5R3MeYTslWVNB5:3h+ZkldoPK8Ya5R8eYSWVt

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks