General

  • Target: bceaa679616c9962bb8b0f656054218ca43a2a0931ae9a52fcad8ad154a8e424
  • Size: 443KB
  • Sample: 241110-h22slssclj
  • MD5: 5859e89bb856acef3947cbd6c55b66da
  • SHA1: 88baa6cd5049075fbecce4809caf4418b63cb8c3
  • SHA256: bceaa679616c9962bb8b0f656054218ca43a2a0931ae9a52fcad8ad154a8e424
  • SHA512: 8c60cad2f0fffcfa9a7ecf1c361a85f7cd6604a65d59b985df424bf33c372c2e8356857dfd64bea8d787c0c6f952c3e726eb6172824a72b6645886432eaec991
  • SSDEEP: 12288:bklT97iTMJMGAjho/L7mQxZ9yFhEloy6f8z7t3hiNYeh19z7IW:2Cjhm6N

Malware Config

Extracted

  • Family: redline
  • Botnet: Baskar
  • C2: 95.181.172.207:56915

Targets

    • Target: bceaa679616c9962bb8b0f656054218ca43a2a0931ae9a52fcad8ad154a8e424
    • Size: 443KB
    • MD5: 5859e89bb856acef3947cbd6c55b66da
    • SHA1: 88baa6cd5049075fbecce4809caf4418b63cb8c3
    • SHA256: bceaa679616c9962bb8b0f656054218ca43a2a0931ae9a52fcad8ad154a8e424
    • SHA512: 8c60cad2f0fffcfa9a7ecf1c361a85f7cd6604a65d59b985df424bf33c372c2e8356857dfd64bea8d787c0c6f952c3e726eb6172824a72b6645886432eaec991
    • SSDEEP: 12288:bklT97iTMJMGAjho/L7mQxZ9yFhEloy6f8z7t3hiNYeh19z7IW:2Cjhm6N

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Sectoprat family
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks