General

  • Target

    8b868aaba13eaf06feeda128647de4708641dddd3b83fefd7b64c80676feab46

  • Size

    417KB

  • Sample

    241110-gh9tfatpgm

  • MD5

    8eb791a0400d4b9c1c1ef6549fe76ee3

  • SHA1

    4ee035319a28fb4004f003efba05bb131cc4e1af

  • SHA256

    8b868aaba13eaf06feeda128647de4708641dddd3b83fefd7b64c80676feab46

  • SHA512

    25f4653e0893c53a26490a54533905cfccc208766416cf3354e981684c33e53facecc18330c9716614180b26da8248d061a576e8b74d7991a95591e9c16407f6

  • SSDEEP

    12288:k8XQUluT5RfPqKGTKt40/yQodWiL1ZyElG5MS0X:kwPYTrKKDt40/aL1Zy6r

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Attributes

  • auth_value

    a272f3a2850ec3dccdaed97234b7c40e

Targets

    • Target

      8b868aaba13eaf06feeda128647de4708641dddd3b83fefd7b64c80676feab46

    • Size

      417KB

    • MD5

      8eb791a0400d4b9c1c1ef6549fe76ee3

    • SHA1

      4ee035319a28fb4004f003efba05bb131cc4e1af

    • SHA256

      8b868aaba13eaf06feeda128647de4708641dddd3b83fefd7b64c80676feab46

    • SHA512

      25f4653e0893c53a26490a54533905cfccc208766416cf3354e981684c33e53facecc18330c9716614180b26da8248d061a576e8b74d7991a95591e9c16407f6

    • SSDEEP

      12288:k8XQUluT5RfPqKGTKt40/yQodWiL1ZyElG5MS0X:kwPYTrKKDt40/aL1Zy6r

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks