General

  • Target

    e64aff9feb6be497f77ed17dd349e4f0e2a56c5d06db44a2fdb74c4bf0937d60

  • Size

    292KB

  • Sample

    241111-lgzdjawpfz

  • MD5

    8f38ac018c84c3cb4ed731aee9c7e4b5

  • SHA1

    0f41cc0b0546681a440892b6cd80e215d0922130

  • SHA256

    e64aff9feb6be497f77ed17dd349e4f0e2a56c5d06db44a2fdb74c4bf0937d60

  • SHA512

    2385d2006083c1bf9c732e5fa0228b35995f0b3d1ee3acec3cb285fc3e9d789a37312f78c433774c9116af84ba44f2cd997d3b34f27683a5b565d4ed3329f288

  • SSDEEP

    3072:sY9QSHF8Tkq1H88HK159IPfcU1nwJ2qmFtjamD/zsn2OfrWid52kOQsWvMDuS:aSHU8IY5scAnScja6w24m+P

Malware Config

Extracted

  • Family

    redline

  • Botnet

    PUB

  • C2

    45.9.20.20:13441

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks