General

  • Target

    2272-2-0x0000000001250000-0x0000000001724000-memory.dmp

  • Size

    4.8MB

  • Sample

    241002-z343ssxcll

  • MD5

    2128c68443e212c1a389a9efc7fae90a

  • SHA1

    2dbb694128a9684886a428290d99bc8829ac84a7

  • SHA256

    73f7145b77cc4b2b354435dd1b8d7ecc197b85e568e18782d1413b545c9803d8

  • SHA512

    a97cd3ad2a4fdedc66b44aa77fdbe9838e07976d7f8b367a68bdae61313a8429650c436627a3f8bb8c71b1e8a3eea9c8b3cb6696f5198b842444d27459255708

  • SSDEEP

    98304:dTtZ7DFYc+pA7ghYjvmzlGNVPM0w87LDNVe903cs+:BhJtgxzl50w87je903

Malware Config

  • Extracted

    Family: redline

    C2: 54.38.123.247:8696

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks