General

  • Target: 2a671201da464791519426e6bb23f770N
  • Size: 188KB
  • Sample: 240910-s4mfta1bnm
  • MD5: 2a671201da464791519426e6bb23f770
  • SHA1: ba7789c2f9d66301b9090256c95b7be5d2eaa7a5
  • SHA256: 8d0a8346bc6e310eac050a9d73d94a69339e1eec3b8c680003135d62867c3674
  • SHA512: 7a4ef1fabda49a7a36d6003683670c218a35bfa6af54ed36e6109eb12b5a04e3c7a75ad65eb96eb6756c5e930f7299c341ceb8cac9f6f574885d5548858bafc1
  • SSDEEP: 3072:cDKW1LgppLRHMY0TBfJvjcTp5XcJnL962jQtV4:cDKW1Lgbdl0TBBvjc/cJB62jQt6

Malware Config

Extracted

  • Family: redline
  • Botnet: booster
  • C2: 45.67.231.8:3403

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks