General

  • Target

    78eaa2c70c05a696e3eba15d68348603436b4ea9f8b913521afdbc3992f920de

  • Size

    412KB

  • Sample

    241109-1efkzavrcj

  • MD5

    d01c7de2cd89007b2787e7e1b0735d8e

  • SHA1

    0fbb661c2e5d9426eddf255683e1cd9d70e7de3b

  • SHA256

    78eaa2c70c05a696e3eba15d68348603436b4ea9f8b913521afdbc3992f920de

  • SHA512

    e75b5fe9ce7d61952c5b4c5052db23a670025af1e78aa69b8a629190d6dbde5af8b02e453465794810b0fb92992a8c1aff8906842d5cea0902496f632404445f

  • SSDEEP

    6144:OOzE2KXD3FGMS/qrawoNXV4naiXkta4LEO9hy7sSxtnu2:w1DVGMSCUNloaiUta4LRhy7sSH1

Malware Config

Extracted

Family

redline

Botnet

money

C2

45.142.215.47:27643

Attributes
  • auth_value

    9491a1c5e11eb6097e68a4fa8627fda8

Targets

    • Target

      78eaa2c70c05a696e3eba15d68348603436b4ea9f8b913521afdbc3992f920de

    • Size

      412KB

    • MD5

      d01c7de2cd89007b2787e7e1b0735d8e

    • SHA1

      0fbb661c2e5d9426eddf255683e1cd9d70e7de3b

    • SHA256

      78eaa2c70c05a696e3eba15d68348603436b4ea9f8b913521afdbc3992f920de

    • SHA512

      e75b5fe9ce7d61952c5b4c5052db23a670025af1e78aa69b8a629190d6dbde5af8b02e453465794810b0fb92992a8c1aff8906842d5cea0902496f632404445f

    • SSDEEP

      6144:OOzE2KXD3FGMS/qrawoNXV4naiXkta4LEO9hy7sSxtnu2:w1DVGMSCUNloaiUta4LRhy7sSH1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks