General

  • Target

    Yc3OSkUSm5dLQY906NXrU_Xf.exe

  • Size

    589KB

  • Sample

    240712-v5k1gstbkp

  • MD5

    34c76bcc1506b513c7a1ac605c045c4e

  • SHA1

    271c6b3853e33e039242da7cf8f4465c48e90d2e

  • SHA256

    1e7f2339065e8a6909eea27f090499a1af6427d1563ceac0cd25c916c637d29d

  • SHA512

    cb2170b5fa492dcb7df54cfd7f4ad94214de98face0f1710cbad749c79bf322ea1106ace723520486bdeabdf0aa2eefbf70dcc060d61fcda1124298225c36865

  • SSDEEP

    12288:fhdKHkwkYGXXRJRC7ijHRAWteLwnHdYnXQ6mr4ZFrUD:fzKYQv

Malware Config

Extracted

Family

redline

Botnet

23.08

C2

95.181.172.100:55640

Targets

    • Target

      Yc3OSkUSm5dLQY906NXrU_Xf.exe

    • Size

      589KB

    • MD5

      34c76bcc1506b513c7a1ac605c045c4e

    • SHA1

      271c6b3853e33e039242da7cf8f4465c48e90d2e

    • SHA256

      1e7f2339065e8a6909eea27f090499a1af6427d1563ceac0cd25c916c637d29d

    • SHA512

      cb2170b5fa492dcb7df54cfd7f4ad94214de98face0f1710cbad749c79bf322ea1106ace723520486bdeabdf0aa2eefbf70dcc060d61fcda1124298225c36865

    • SSDEEP

      12288:fhdKHkwkYGXXRJRC7ijHRAWteLwnHdYnXQ6mr4ZFrUD:fzKYQv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks