General

  • Target

    abddf9db14d54ebcf6f938a2576819093e2fed642e21669b66feef11a3858edc.exe

  • Size

    221KB

  • Sample

    241123-ba5xmazlcj

  • MD5

    5c712211dfdaeebb1e0d99549f544689

  • SHA1

    fdfa4a320ef6e3ed098d30b253cbdb7cb920e81c

  • SHA256

    abddf9db14d54ebcf6f938a2576819093e2fed642e21669b66feef11a3858edc

  • SHA512

    d9ee0c310ff0d0f588820bc0a1bbd99ede4eb357f00ebca205b82cc7bb5edd228a8548590c2e898ce44fa0638c93f925811de20f3d9f59ed1c6ed90babbdab00

  • SSDEEP

    3072:BLY7ICbXn4py0QdkqW0liZupX6LcFr1pE2ffMjUeEUciiJG8T:FY0r40CqcFpgEU21

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes

  • auth_value

    3f48b95855158031ae9e7dafcb203009

Targets

    • Target

      abddf9db14d54ebcf6f938a2576819093e2fed642e21669b66feef11a3858edc.exe

    • Size

      221KB

    • MD5

      5c712211dfdaeebb1e0d99549f544689

    • SHA1

      fdfa4a320ef6e3ed098d30b253cbdb7cb920e81c

    • SHA256

      abddf9db14d54ebcf6f938a2576819093e2fed642e21669b66feef11a3858edc

    • SHA512

      d9ee0c310ff0d0f588820bc0a1bbd99ede4eb357f00ebca205b82cc7bb5edd228a8548590c2e898ce44fa0638c93f925811de20f3d9f59ed1c6ed90babbdab00

    • SSDEEP

      3072:BLY7ICbXn4py0QdkqW0liZupX6LcFr1pE2ffMjUeEUciiJG8T:FY0r40CqcFpgEU21

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread; in injection and process-hollowing chains it is used to point a suspended thread at code the sample wrote into the target process, which is why the sandbox flags it.
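
The hashes and the extracted C2 from this report, turned into an offline check. This is an added example, not code from the Tria.ge report or from the sample: it digests a file with every algorithm the report lists and compares the results, and it scans connection-log lines for the extracted RedLine C2 host and port. The log format and the log lines are constructed for the example, the SHA512 and other digests are transcribed from the report above, and the ssdeep hash is not recomputed because that needs a third-party library.

```python
import hashlib
import re

# Indicators transcribed from the report above.
REPORT_HASHES = {
    "md5": "5c712211dfdaeebb1e0d99549f544689",
    "sha1": "fdfa4a320ef6e3ed098d30b253cbdb7cb920e81c",
    "sha256": "abddf9db14d54ebcf6f938a2576819093e2fed642e21669b66feef11a3858edc",
    "sha512": (
        "d9ee0c310ff0d0f588820bc0a1bbd99ede4eb357f00ebca205b82cc7bb5edd22"
        "8a8548590c2e898ce44fa0638c93f925811de20f3d9f59ed1c6ed90babbdab00"
    ),
}
C2_HOST = "141.94.188.138"
C2_PORT = 46419


def hash_bytes(data: bytes) -> dict:
    """Digest a byte string with every algorithm the report lists, in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, streamed so large samples are not read into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_with_report(digests: dict) -> dict:
    """Per-algorithm match against the report. All four should agree: a file that
    matches MD5 but not SHA256 points at a transcription error in the reference
    (or a collision), not at a genuine match, so check every algorithm rather than one."""
    return {
        name: digests.get(name, "").lower() == expected
        for name, expected in REPORT_HASHES.items()
    }


# Connection-log lines constructed for this example; the format is an assumption,
# not taken from the report.
SAMPLE_LOG = """\
2024-11-23T01:02:03Z 10.0.0.15:49812 -> 141.94.188.138:46419 proto=tcp bytes=3120
2024-11-23T01:02:04Z 10.0.0.15:49813 -> 93.184.216.34:443 proto=tcp bytes=8801
2024-11-23T01:02:09Z 10.0.0.22:51022 -> 141.94.188.138:80 proto=tcp bytes=412
2024-11-23T01:03:40Z 10.0.0.15:49820 -> 141.94.188.138:46419 proto=tcp bytes=2977
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def find_c2_connections(log_text: str) -> list:
    """Return (timestamp, source ip) for each line whose destination is the extracted
    C2 host:port. Host and port are matched together so the indicator stays tied to the
    extracted config; widen to host only if you also want other services on that IP."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("dst") == C2_HOST and int(m.group("dport")) == C2_PORT:
            hits.append((m.group("ts"), m.group("src")))
    return hits


if __name__ == "__main__":
    import sys

    # Usage: python ioc_check.py <file> ...   (hash the file, never execute it)
    for path in sys.argv[1:]:
        print(path, compare_with_report(hash_file(path)))
    print(find_c2_connections(SAMPLE_LOG))
```

Run it against a copy of the sample (whose filename in the report is its own SHA256) and every entry of the comparison should be True; on the constructed log it reports the two connections from 10.0.0.15 to 141.94.188.138:46419 and ignores the port-80 connection to the same host.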

MITRE ATT&CK Enterprise v15

Tasks