General

  • Target

    d86a8d79ff6bad7e126385c18626d1c224f293dbf2cdddf62afc53f45b4d4bb7

  • Size

    418KB

  • Sample

    240827-e99awatamd

  • MD5

    9fde7f4e4e435e4f45787175073c94b2

  • SHA1

    1d76d58866af0a76e06fc4c7c3bcb81598b74257

  • SHA256

    d86a8d79ff6bad7e126385c18626d1c224f293dbf2cdddf62afc53f45b4d4bb7

  • SHA512

    547538ee91c63bce6e4cbe42a0706e1f62e73e7e30631f77b67cab6e4e4eaf7328e1073b783d6ab1fb07ad8f79bccea6cfbe4f124033d42ab39a3280871189f6

  • SSDEEP

    6144:mpK1pDMb6I5DATGtMoKJpmmPKRaD/03uMCR/5Izv8VaBcZRFAXsTRV:mpKfDMb1DATcWpmpJro/5IzUZRFAXsL

Malware Config

Extracted

Family

redline

Botnet

NPUB01

C2

spaceufx.site:80

slimactive.store:80

Targets

    • Target

      d86a8d79ff6bad7e126385c18626d1c224f293dbf2cdddf62afc53f45b4d4bb7

    • Size

      418KB

    • MD5

      9fde7f4e4e435e4f45787175073c94b2

    • SHA1

      1d76d58866af0a76e06fc4c7c3bcb81598b74257

    • SHA256

      d86a8d79ff6bad7e126385c18626d1c224f293dbf2cdddf62afc53f45b4d4bb7

    • SHA512

      547538ee91c63bce6e4cbe42a0706e1f62e73e7e30631f77b67cab6e4e4eaf7328e1073b783d6ab1fb07ad8f79bccea6cfbe4f124033d42ab39a3280871189f6

    • SSDEEP

      6144:mpK1pDMb6I5DATGtMoKJpmmPKRaD/03uMCR/5Izv8VaBcZRFAXsTRV:mpKfDMb1DATcWpmpJro/5IzUZRFAXsL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks