General

  • Target

    0374bd3a4e99e1612a0a8bf1808c3070N.exe

  • Size

    415KB

  • Sample

    240826-rncq1ayand

  • MD5

    0374bd3a4e99e1612a0a8bf1808c3070

  • SHA1

    789c78d3ea6276f291bd112bd843dfca03f68f0d

  • SHA256

    2f24a8e06aaf0cc051e0de0eb478ea18a57b907c30688750f376b2853b61080d

  • SHA512

    487243c4b4528fca456325c968fa3ce4675bdc566fe067e7b6818781238e976e90a3cf45f109c66e8930d10881679426de0a497701c8d91b1c9d0903f6777dca

  • SSDEEP

    12288:+xZQPZ9jvf2Q8+y9VDv5GgV5c2suLAnmY:aQDGQBsVDv5lguLgB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    NPUB57

  • C2

    pupdatastart.store:80

    pupdata.online:80

Targets

    • Target

      0374bd3a4e99e1612a0a8bf1808c3070N.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks