General

  • Target

    7ba90995912893f3b4b360e27e22e72d658082fc6821452f26866e197a1c9174.exe

  • Size

    1.1MB

  • Sample

    241123-yna1qszlhj

  • MD5

    ca506199875974723455db521eeb1ff6

  • SHA1

    36d64546cdb602e32add35fa8daa87eea4edaffe

  • SHA256

    7ba90995912893f3b4b360e27e22e72d658082fc6821452f26866e197a1c9174

  • SHA512

    9106166c18084a22c7f170ed7df9aa05e9de1ceb12bdc8959cf1c84dc7a7c00ebcd304b5237ea7c3202fe71adc64fa65cad2fdc1a5978de8bf492ae4367447e5

  • SSDEEP

    24576:kbTxmHu/2G+2Bkuq6nR3WgTcPUT5sbJUnUQuVTGYjwmAHfT3ZSqWV:kbTxsu/SCWgYPaIUUdjtscV

Malware Config

Extracted

Family

redline

Botnet

@stanfordlzt

C2

185.209.22.181:34925

Attributes

  • auth_value

    5a0918bd3e8ede8e02c8dd9d106a996d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks