General

  • Target

    Contract Quotation Details - Rotational Supply Listing pdf.cab

  • Size

    477KB

  • Sample

    240712-nvkteasapj

  • MD5

    85ee1e327138da51402128bf7936a997

  • SHA1

    16e19ff2c8a35c381373ca2a19d8c26ef9c9dc73

  • SHA256

    db9d182c6b672f425af7a898d20667df39c19ad6b3369ba5c289545c9e94e235

  • SHA512

    7b7c29fcc68b63c81cfb22b562ceede2d1705c7afd542721ad6d15bcc9b64132994cdb5f7f01d61490910c406e08419caec87e120fff6a674ac16860125b6007

  • SSDEEP

    6144:k2C3DwqQAVB2QZTfctx/iBiMc9+82Mcnr4n1UY7mxRQCpgnV5gHENdZ15/QDvF9M:SzB3l2UBjc9+8VcG1rmxRQ5DgmZHgCe8

Malware Config

Extracted

  • Family

    redline

  • Botnet

    french

  • C2

    91.92.243.245:47477

Targets

    • Target

      Contract Quotation Details - Rotational Supply Listing pdf.exe

    • Size

      1.0MB

    • MD5

      715d0979fbadb19889e7963f7c33f501

    • SHA1

      3ad746befebb85f942868a1f5338cb4e36f355e1

    • SHA256

      1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5

    • SHA512

      639a322cf569f6d8aeb03c4ddfc8db30f81cc13ab0f3ec1fa19f644c88393adfac24964392c61b0ec213499fd5603b9d51af240aba447226b4357ff8c4571d8a

    • SSDEEP

      24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa7cGNS5Z5:Wh+ZkldoPK8Ya7crx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks