General

  • Target

    bfeb6ffa2999d0f207cfb6eb7c491450N

  • Size

    381KB

  • Sample

    240826-hszlws1crg

  • MD5

    bfeb6ffa2999d0f207cfb6eb7c491450

  • SHA1

    e96806fdae6adf2b31d3277271eeaf66e65fed93

  • SHA256

    0d7f4715dd6f5455598ae14baf10d35ba94fc0b56e5d9e370b1e7c9dc636844d

  • SHA512

    38b6357169e0a5c6bae13095bbdee8fc2f965f9fddff584548a87f68ad5938faa79a212f28b9b8b9002de8758dc1d1aeb61f2da00fff65c616f2f6de902f84f4

  • SSDEEP

    6144:Axf5x6seMvl9UvBrk48pN6E+LZsvLgBxGLb8vcFp1KCzJVnjyb:Axf5xRDt9srk48UNLGiSOahDn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mix2

  • C2

    194.156.67.100:48883

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
