General

  • Target

    d39537615056399612bd9659403fc6290840cc9e00e6041dcffd2025ccd66c0b

  • Size

    419KB

  • Sample

    241111-fmq2fstelh

  • MD5

    1337cd60b7d1c8ab994c7ea0064991da

  • SHA1

    99a629a0b97146d3607e3b1bcf362d2ac23c0e3a

  • SHA256

    d39537615056399612bd9659403fc6290840cc9e00e6041dcffd2025ccd66c0b

  • SHA512

    56155cc7994505b07f64dbd1fb251e8097ce64f66e4f9896cb02052508835be5da7501dd066b44d8623a306723ffb5dab26c5146678b54774d55a5037861071b

  • SSDEEP

    12288:kE+IA0UGEZNjx2b5cPUS1qrcl5OalQUwcfa5:kE+lQTSAcl5Owf3a5

Malware Config

Extracted

Family

redline

Botnet

installerbot

C2

wiseroniee.xyz:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15