General

  • Target: 5e3baf0c814104930094c09512da8700a64dd0fe1a311cf90df10d94c785d1d4
  • Size: 374KB
  • Sample: 240826-2m44zaygqb
  • MD5: 992c5e51c858ec5d7ef7cc7aedbde611
  • SHA1: 93c1bd83883ec49ab421eec6b1ee213c89c18fad
  • SHA256: 5e3baf0c814104930094c09512da8700a64dd0fe1a311cf90df10d94c785d1d4
  • SHA512: bfdff7764608df8862e5bf86e7ee1fc32868670ebe800b61bb604da76b5d196023c6e0c4204b04f2c2b5142af75be02f7f11accd5613d807ed9675f0dc8a11e2
  • SSDEEP: 6144:TxJTXBfZYpMa9IEG4c2xWwppCIbr4z+PodXwPLn+dmyHQwY7:TxJTXBypLZG4c2ht4CwdAPLnqmcQ

Malware Config

Extracted

  • Family: redline
  • Botnet: NPUB57
  • C2: pupdatastart.store:80
  • C2: pupdata.online:80

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks