General

  • Target: 2108b6d4b4a78e2a094fd01a0f666c92cf59feda
  • Size: 2.5MB
  • Sample: 241110-gl4ftstqck
  • MD5: 6bb490266fde82840d4fc318d69101ba
  • SHA1: 2108b6d4b4a78e2a094fd01a0f666c92cf59feda
  • SHA256: 5141965861b8f6963059b5f02a895e53339db50be33901bd052c323bcd5dc16a
  • SHA512: efb1737a04290f07102cc209fbefa3923c78be3ca7cb4eba57f3e91872b5ca506860b72e1f14cedaecca2cbed8e60ad4059b59b7fd91eedcccab705647182160
  • SSDEEP: 24576:FU8cmx/CVYPp4mKR4YDYdhFCsSMeJfU3dxtp4HIbTK5rbEJ+2JL7iFtMl3RuQ55A:+8/hCVYqmKFenCrbEJ+2JPoMl3U

Malware Config

Extracted

  • Family: redline
  • Botnet: 1652085892
  • C2: 79.137.192.6:8362

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks