General

  • Target

    7b55b49207f0dac3eca563a9e18fbda0f73e71d050c982882889ebe1c3e1e5d5

  • Size

    70.1MB

  • Sample

    240821-n63hlaxdkd

  • MD5

    5e05d6146e89de683e5b3326af472e77

  • SHA1

    3ec63ddf55850c5e0611179fcfdbccd46dfdf265

  • SHA256

    7b55b49207f0dac3eca563a9e18fbda0f73e71d050c982882889ebe1c3e1e5d5

  • SHA512

    7f9d2753f05c118db71ddf23ef44eb62b8e3e16f151dab0350cab633448aab7ce1ed406b3cae7d6ccffd276fad53e5f76c35ee8984d2f3cf982fd683a607f574

  • SSDEEP

    393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qRsGg4GUo3NX:lWoI7zGP5ahWc3Im5

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cs

  • C2

    194.49.68.19:4483

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks