General

  • Target

    9b4e792e32c17dbdb833bea4302bf4f6a594ca84b2fa3ee5bc0bef7c67e5ef50

  • Size

    413KB

  • Sample

    241107-ts426axrhn

  • MD5

    023e412b9b83e38acaf0c0555914fa97

  • SHA1

    aff7e9c80411a7732ee251fdb3c6459243eee30c

  • SHA256

    9b4e792e32c17dbdb833bea4302bf4f6a594ca84b2fa3ee5bc0bef7c67e5ef50

  • SHA512

    107afac87ffd37ff48fdd482d21035a92365679e31bc489bec57f5fc3a764a8f4efb7c0497ebbb5288b1754a5ef7db119a28c6b7e495c332bd38f55c15e097e9

  • SSDEEP

    6144:FV95Hf61Xxqhhqy9ubrxyRhr+ks2ombck0EDXba9Lqloi0KsFhZLE:vv6mrFkmgLEDLa9L5i0KsFj

Malware Config

Extracted

Family

redline

Botnet

money

C2

45.142.215.47:27643

Attributes

  • auth_value

    9491a1c5e11eb6097e68a4fa8627fda8
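The extracted configuration gives a responder two things to act on: the file digests listed in the report and the C2 endpoint. The Python below is an added example, not part of this report or of any sandbox's own tooling. It carries the report's hashes and RedLine config as constants, computes the same four digests for a file so they can be compared against the report, splits the C2 string into host and port, and scans connection-log lines for traffic to that host and port. The key=value log format, the log lines themselves, the "not the analysed file" bytes and the Suricata sid are constructed assumptions for illustration.

```python
"""Checks derived from the IOCs in this report.

Hash and C2 values are copied from the report; the log lines, the log
format, the sample bytes and the Suricata sid are constructed for the example.
"""
import hashlib
import re

# Digests of the analysed file, as listed in the report.
REPORT_HASHES = {
    "md5": "023e412b9b83e38acaf0c0555914fa97",
    "sha1": "aff7e9c80411a7732ee251fdb3c6459243eee30c",
    "sha256": "9b4e792e32c17dbdb833bea4302bf4f6a594ca84b2fa3ee5bc0bef7c67e5ef50",
    "sha512": "107afac87ffd37ff48fdd482d21035a92365679e31bc489bec57f5fc3a764a8f"
              "4efb7c0497ebbb5288b1754a5ef7db119a28c6b7e495c332bd38f55c15e097e9",
}

# Extracted RedLine configuration, as listed in the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "money",
    "c2": "45.142.215.47:27643",
    "auth_value": "9491a1c5e11eb6097e68a4fa8627fda8",
}


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matching_algorithms(observed: dict) -> set:
    """Return the algorithm names whose observed digest equals the report's value."""
    return {name for name, value in observed.items()
            if REPORT_HASHES.get(name) == value.lower()}


def parse_c2(c2: str) -> tuple:
    """Split the 'host:port' C2 string into (host, port); the port must be numeric."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host, int(port)


# Constructed connection-log lines (key=value format assumed for the example).
SAMPLE_LOG = """\
2024-11-07T10:15:02Z src=10.0.0.12:51234 dst=142.250.74.78:443 proto=tcp
2024-11-07T10:15:09Z src=10.0.0.12:51240 dst=45.142.215.47:27643 proto=tcp
2024-11-07T10:15:11Z src=10.0.0.12:51241 dst=45.142.215.47:443 proto=tcp
2024-11-07T10:16:30Z src=10.0.0.7:49877 dst=45.142.215.47:27643 proto=tcp
"""

DST_RE = re.compile(r"\bdst=(?P<host>[0-9.]+):(?P<port>\d+)\b")


def find_c2_connections(log_text: str, c2: str = REDLINE_CONFIG["c2"]) -> dict:
    """Scan log lines for the C2.

    Returns {"exact": [(lineno, line), ...], "host_only": [...]}: "exact" is
    host and port as configured; "host_only" is the same host on another port,
    kept separate because it is weaker evidence of this particular implant.
    """
    host, port = parse_c2(c2)
    hits = {"exact": [], "host_only": []}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = DST_RE.search(line)
        if not m or m.group("host") != host:
            continue
        bucket = "exact" if int(m.group("port")) == port else "host_only"
        hits[bucket].append((lineno, line))
    return hits


def suricata_rule(c2: str = REDLINE_CONFIG["c2"], sid: int = 1000001) -> str:
    """Build a Suricata rule for outbound traffic to the C2 (sid is a placeholder)."""
    host, port = parse_c2(c2)
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 botnet {REDLINE_CONFIG["botnet"]} {host}:{port}"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for lineno, line in find_c2_connections(SAMPLE_LOG)["exact"]:
        print(f"C2 connection at line {lineno}: {line}")
    print(suricata_rule())
```

Comparing all four digests rather than just MD5 matters because a retrieved file may only have one hash recorded against it; `matching_algorithms` reports which of the listed digests agree, so a partial match (say MD5 only) is visible rather than silently counted as a full identification.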

Targets

    • Target

      9b4e792e32c17dbdb833bea4302bf4f6a594ca84b2fa3ee5bc0bef7c67e5ef50

    • Size

      413KB

    • MD5

      023e412b9b83e38acaf0c0555914fa97

    • SHA1

      aff7e9c80411a7732ee251fdb3c6459243eee30c

    • SHA256

      9b4e792e32c17dbdb833bea4302bf4f6a594ca84b2fa3ee5bc0bef7c67e5ef50

    • SHA512

      107afac87ffd37ff48fdd482d21035a92365679e31bc489bec57f5fc3a764a8f4efb7c0497ebbb5288b1754a5ef7db119a28c6b7e495c332bd38f55c15e097e9

    • SSDEEP

      6144:FV95Hf61Xxqhhqy9ubrxyRhr+ks2ombck0EDXba9Lqloi0KsFhZLE:vv6mrFkmgLEDLa9L5i0KsFj

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks