General

  • Target

    Implosions.exe

  • Size

    183KB

  • Sample

    240906-e7874awgkq

  • MD5

    aeed85e8a5b1d2013ea6fa0348e954d7

  • SHA1

    899fc5632fce363d0dd1f05bb388f0f3f27240c2

  • SHA256

    5b1d458a558dbe702742407f213b8a38241555bbded345b0f7c46529b938b3a3

  • SHA512

    1e81577e9ad438d213f0f229711d0426344582c14637e76250497926af9b4261fc0fa63697321a20255fa3b6895b605589c6641304888b8fdbfc78bfd3d8a677

  • SSDEEP

    3072:RDKW1LgppLRHMY0TBfJvjcTp5Xew7T79dLTrpMu6:RDKW1Lgbdl0TBBvjc/ew/79Do

Malware Config (extracted)

  • Family

    redline

  • Botnet

    russianhack

  • C2

    109.234.38.212:6677
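The hashes and the C2 endpoint above are the indicators a responder would actually sweep for. The following script is an added example written for this page, not code from the sandbox or from the RedLine authors: it compares file digests against the report's four hashes and classifies connection-log lines against the C2 indicator, treating IP-plus-port as a C2 hit and IP-only as a weaker signal. The log lines are constructed in a Sysmon Event ID 3 style and are not real telemetry; the SSDEEP value is omitted because fuzzy hashing needs the third-party ssdeep module.

```python
"""Sweep the RedLine indicators from this report against file digests and
connection logs. Added example code for this page; the log format below is
a constructed Sysmon-like layout, not real telemetry."""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "aeed85e8a5b1d2013ea6fa0348e954d7",
    "sha1": "899fc5632fce363d0dd1f05bb388f0f3f27240c2",
    "sha256": "5b1d458a558dbe702742407f213b8a38241555bbded345b0f7c46529b938b3a3",
    "sha512": "1e81577e9ad438d213f0f229711d0426344582c14637e76250497926af9b4261fc0fa63697321a20255fa3b6895b605589c6641304888b8fdbfc78bfd3d8a677",
}
IOC_C2_IP, IOC_C2_PORT = "109.234.38.212", 6677


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lower-case hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def match_hashes(digests: dict) -> list:
    """Return the algorithms whose digest equals the report's value.

    Comparison is case-insensitive because hashes are often pasted upper-case;
    any algorithm the caller did not compute is simply skipped.
    """
    return [
        algo for algo, value in digests.items()
        if algo in IOC_HASHES and value.lower() == IOC_HASHES[algo]
    ]


# Constructed Sysmon Event ID 3 style lines (assumed layout, not real logs).
# Line 2 is a near-miss IP, line 3 is the C2 IP on a different port.
SAMPLE_LOG = """\
Image: C:\\Users\\victim\\Downloads\\Implosions.exe DestinationIp: 109.234.38.212 DestinationPort: 6677
Image: C:\\Windows\\System32\\svchost.exe DestinationIp: 109.234.38.21 DestinationPort: 6677
Image: C:\\Users\\victim\\Downloads\\Implosions.exe DestinationIp: 109.234.38.212 DestinationPort: 443
Image: C:\\Program Files\\Firefox\\firefox.exe DestinationIp: 93.184.216.34 DestinationPort: 443
"""

LOG_RE = re.compile(
    r"Image: (?P<image>.+?) DestinationIp: (?P<ip>[\d.]+) DestinationPort: (?P<port>\d+)"
)


def scan_connections(log_text: str) -> list:
    """Classify each parsed line: ('image', 'c2') for an exact IP:port match,
    ('image', 'ip-only') for the C2 IP on another port, nothing otherwise.

    The IP is compared as a whole token, so 109.234.38.21 does not match
    109.234.38.212 the way a naive substring test would in the other direction.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        ip, port = m["ip"], int(m["port"])
        if ip == IOC_C2_IP and port == IOC_C2_PORT:
            hits.append((m["image"], "c2"))
        elif ip == IOC_C2_IP:
            hits.append((m["image"], "ip-only"))
    return hits


if __name__ == "__main__":
    for image, kind in scan_connections(SAMPLE_LOG):
        print(f"{kind:8s} {image}")
    with open(__file__, "rb") as fh:  # any file; this one will not match
        print("hash matches:", match_hashes(hash_bytes(fh.read())))
```

An IP-only hit is worth triaging but is not proof of RedLine on its own; the port is part of the extracted config, so the exact pair is the stronger indicator. Hash matching only finds this exact build, so pair it with the network sweep rather than relying on it alone.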

Targets

    • Target

      Implosions.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks