General

  • Target

    Contract Quotation Details - Rotational Suppl.exe

  • Size

    1.0MB

  • Sample

    240712-bz81kswamf

  • MD5

    715d0979fbadb19889e7963f7c33f501

  • SHA1

    3ad746befebb85f942868a1f5338cb4e36f355e1

  • SHA256

    1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5

  • SHA512

    639a322cf569f6d8aeb03c4ddfc8db30f81cc13ab0f3ec1fa19f644c88393adfac24964392c61b0ec213499fd5603b9d51af240aba447226b4357ff8c4571d8a

  • SSDEEP

    24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa7cGNS5Z5:Wh+ZkldoPK8Ya7crx

Malware Config

Extracted

Family

redline

Botnet

french

C2

91.92.243.245:47477

Targets

    • Target

      Contract Quotation Details - Rotational Suppl.exe

    • Size

      1.0MB

    • MD5

      715d0979fbadb19889e7963f7c33f501

    • SHA1

      3ad746befebb85f942868a1f5338cb4e36f355e1

    • SHA256

      1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5

    • SHA512

      639a322cf569f6d8aeb03c4ddfc8db30f81cc13ab0f3ec1fa19f644c88393adfac24964392c61b0ec213499fd5603b9d51af240aba447226b4357ff8c4571d8a

    • SSDEEP

      24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa7cGNS5Z5:Wh+ZkldoPK8Ya7crx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks