General

  • Target

    downloader20.exe

  • Size

    70.1MB

  • Sample

    240821-n8dx1sxdqb

  • MD5

    da8a62aebe74e7832fdda6d5fe4e707e

  • SHA1

    c2b471a2c563de0c0ce20f3ef2cd0efaf186a57c

  • SHA256

    6484f7be173ced1fa9f430ad9fd89ce0b14f5ee00f806757b35097521dacf8ab

  • SHA512

    977953558ed674e4d2e8babc6ba27e453aed84094ebba8dc415e90b54ca92f21a1c11f108a021c970e8839a6a388271f41ef9daf2355edb9c443d7d767cbdd09

  • SSDEEP

    393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qRsGg4GUo3NT:lWoI7zGP5ahWc3Imx

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cs

  • C2

    194.49.68.19:4483

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks