General

  • Target: 8758ee03fb6ff2df8312e22fcf9dbb20N.exe
  • Size: 399KB
  • Sample: 240829-rwxfdaycrr
  • MD5: 8758ee03fb6ff2df8312e22fcf9dbb20
  • SHA1: 877b4c9e2fc29553c188b840d3dd6cc2d8189190
  • SHA256: 0632b39a043f4efb1bdddb7861c7b8bbe58853ed09638ae35169db589e98fd1c
  • SHA512: fad746dab3ca24e031456a8ebf66fa86c72f2cf30043841ed779512d34f4653b3a5e4ce9a651d556837876ebc4c87add03c5e95e70f0e6e2c20d71ef8fc81383
  • SSDEEP: 6144:+qdyOiyn3mtA6XWJ0STiUdViA1k+SkCvUJPhdHuag/JP4D2FYkpv:fdyOiynWtzWJfOXA12oTHI

Malware Config

Extracted

  • Family: redline
  • Botnet: NPUB57
  • C2: pupdatastart.store:80, pupdata.online:80

Targets

    • Target: 8758ee03fb6ff2df8312e22fcf9dbb20N.exe

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks