General

  • Target

    3db5dadd027c10b86d0aeadf0a9126e0N.exe

  • Size

    196KB

  • Sample

    240819-3n34qswdlp

  • MD5

    3db5dadd027c10b86d0aeadf0a9126e0

  • SHA1

    f7551134167deb54ea43bb7f6bc0d2b43e4a6f68

  • SHA256

    d408d78c62101063caa7dd0e31ebd4f20ae95691df3c7fe5f085cad2073c2405

  • SHA512

    014b72b2b0dc6d61ab171067d76b1bceb81ec8a889e46cea98fb29ba32962f15139c0fcadc86a2d8d3e34ccb03a4540743cc79e19d9a1156cdf059d8431e8b7d

  • SSDEEP

    3072:ADKW1LgppLRHMY0TBfJvjcTp5XwyvV1W4Zq+nJ5tNcLKxmKcgAi:ADKW1Lgbdl0TBBvjc/DqitmIA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    paladin

  • C2

    188.124.36.242:25802

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15
