General

  • Target

    6a9fed4823adeb3fee7085782daf6d4f139e44e4c13994ac20e2422cf250e52e

  • Size

    384KB

  • Sample

    241110-se7qfsyglj

  • MD5

    319c09ba8fdfa5d10b2bf2758f261801

  • SHA1

    b90694223fade4fb7bd55581a2acc778e808b142

  • SHA256

    6a9fed4823adeb3fee7085782daf6d4f139e44e4c13994ac20e2422cf250e52e

  • SHA512

    17a6946fbbd47898bb63330f79bf939d93f12c30e20af52768502072c8d577098f102648e8c8b803afb00d3d9681f5a26f60532538301e826becae130907837b

  • SSDEEP

    6144:LSKnqsGLDWj+mfKiMbdCjH1OAbGLQlf5WFoEvXQynE5bnig/5oykDNugTrA:LSH3WnUbdCT1OxElf5IoEP7nE5OW5oBB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    usamoney

  • C2

    45.142.215.47:27643

  • Attributes

    • auth_value

      9491a1c5e11eb6097e68a4fa8627fda8
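The extracted config above gives two kinds of indicator a responder can act on immediately: the file hashes, which identify this exact binary, and the C2 endpoint, which identifies the infection on the network regardless of how the binary was renamed or repacked. The script below is an added example and not part of the sandbox report; it takes the hashes and C2 from this page as-is, and shows how to (a) confirm a suspect file is this sample by checking every listed digest, and (b) scan connection logs for the C2. The log line format (`timestamp src:port -> dst:port proto`) and the log lines themselves are constructed for the example, and `PLACEHOLDER` is a stand-in byte string, not the sample. Connections to the C2 IP on a different port are reported at lower confidence rather than dropped, since the panel port can change between builds while the IP is reused.

```python
"""IOC check for the RedLine sample described on this page (added example).

Hashes, C2 and config values are copied from the report. SAMPLE bytes are
not available here, so PLACEHOLDER is a constructed stand-in; LOG_LINES and
their format are constructed for illustration.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "319c09ba8fdfa5d10b2bf2758f261801",
    "sha1": "b90694223fade4fb7bd55581a2acc778e808b142",
    "sha256": "6a9fed4823adeb3fee7085782daf6d4f139e44e4c13994ac20e2422cf250e52e",
    "sha512": (
        "17a6946fbbd47898bb63330f79bf939d93f12c30e20af52768502072c8d57709"
        "8f102648e8c8b803afb00d3d9681f5a26f60532538301e826becae130907837b"
    ),
}
C2_IP, C2_PORT = "45.142.215.47", 27643
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "usamoney",
    "auth_value": "9491a1c5e11eb6097e68a4fa8627fda8",
}

# Constructed stand-in; not the real sample bytes.
PLACEHOLDER = b"not the real sample"


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed the same way."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if all four digests match; a single mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[name] == expected for name, expected in IOC_HASHES.items())


# Constructed connection-log lines in the assumed "ts src:sport -> dst:dport proto" layout.
LOG_LINES = [
    "2024-11-10T12:00:01Z 10.0.0.5:51422 -> 45.142.215.47:27643 tcp",
    "2024-11-10T12:00:02Z 10.0.0.5:51423 -> 142.250.80.46:443 tcp",
    "2024-11-10T12:00:03Z 10.0.0.7:49310 -> 45.142.215.47:443 tcp",
    "this line is malformed and must be skipped, not crash the scan",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def find_c2_connections(lines) -> list:
    """Return (timestamp, source_ip, confidence) for traffic to the C2.

    Exact ip:port match is "high"; the C2 IP on another port is "medium",
    since the listener port can differ between builds while the host is reused.
    Unparseable lines are skipped.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_IP:
            continue
        confidence = "high" if int(m["dport"]) == C2_PORT else "medium"
        hits.append((m["ts"], m["src"], confidence))
    return hits


if __name__ == "__main__":
    print("placeholder is the sample:", matches_sample(PLACEHOLDER))
    for ts, src, conf in find_c2_connections(LOG_LINES):
        print(f"{ts} {src} -> {C2_IP} ({conf}) botnet={REDLINE_CONFIG['botnet']}")
```

Match on all four digests rather than MD5 alone: MD5 is enough to look up a known file, but SHA-256 is what should gate any response action, and a file that matches one digest and not the others is worth a closer look rather than a quick dismissal.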

Targets

    • Target

      6a9fed4823adeb3fee7085782daf6d4f139e44e4c13994ac20e2422cf250e52e

    • Size

      384KB

    • MD5

      319c09ba8fdfa5d10b2bf2758f261801

    • SHA1

      b90694223fade4fb7bd55581a2acc778e808b142

    • SHA256

      6a9fed4823adeb3fee7085782daf6d4f139e44e4c13994ac20e2422cf250e52e

    • SHA512

      17a6946fbbd47898bb63330f79bf939d93f12c30e20af52768502072c8d577098f102648e8c8b803afb00d3d9681f5a26f60532538301e826becae130907837b

    • SSDEEP

      6144:LSKnqsGLDWj+mfKiMbdCjH1OAbGLQlf5WFoEvXQynE5bnig/5oykDNugTrA:LSH3WnUbdCT1OxElf5IoEP7nE5OW5oBB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks