General

  • Target

    c90e8f75987b4eb1e5b5f399073f98947526894a528ece557c48ca3b01cc1ca3.exe

  • Size

    364KB

  • Sample

    241122-m6b5zayrg1

  • MD5

    88c9b6c03f9aca9c38bbded6e9a3db2e

  • SHA1

    99600caab3a2a339d01e4ea8b252e880e9243c7d

  • SHA256

    c90e8f75987b4eb1e5b5f399073f98947526894a528ece557c48ca3b01cc1ca3

  • SHA512

    61d575c98741dbc5d307e6be9029e50402d3efa3e9a6cd4e2c77c456f8eca4a3c84ab61e640cf575323f69b571b9428e57ab16eb8e6eb6e158db4ef1668ee9e2

  • SSDEEP

    6144:BFxuXpbvsKVZuVIA/h93MRfmfxEBMb6yQpB/VBDGjE1U2RYIADG8elx:B/uXFvsKVEVrpQe5qM2yApVJGwZYxDs

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

188.68.201.6:10085

Attributes

  • auth_value

    f27db372188045eefdf974196ead3dae

Targets

    • Target

      c90e8f75987b4eb1e5b5f399073f98947526894a528ece557c48ca3b01cc1ca3.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks