General

  • Target

    788007f976a00d28172547b761bda8cae035f444876fd2baa5b58bbbe5f4e0d6.exe

  • Size

    355KB

  • Sample

    241124-cjpgnsylfs

  • MD5

    c2547499a8553a1c1b352ae7dffb100b

  • SHA1

    3e2651a546400cdc589b22bf7856d540a606bae4

  • SHA256

    788007f976a00d28172547b761bda8cae035f444876fd2baa5b58bbbe5f4e0d6

  • SHA512

    816f61d93dc466465494c21247b96f97c1b37fe091c45cb5fbe4bb428b90ad79d42bc603648535beb85442230c1677864866943deea2146abe2d1e07dd050160

  • SSDEEP

    6144:9AbAYfbpFzgLgESONKgTOrHfziqAOziMD3f+WSoM7eu:9EAYfbpFzgLbSXNEt3eu

Malware Config

Extracted

Family

redline

Botnet

@nnMembeR

C2

zellavonela.xyz:80

Attributes
  • auth_value

    584b781c29c4ce798ce009c5b16b2263

Targets

    • Target

      788007f976a00d28172547b761bda8cae035f444876fd2baa5b58bbbe5f4e0d6.exe

    • Size

      355KB

    • MD5

      c2547499a8553a1c1b352ae7dffb100b

    • SHA1

      3e2651a546400cdc589b22bf7856d540a606bae4

    • SHA256

      788007f976a00d28172547b761bda8cae035f444876fd2baa5b58bbbe5f4e0d6

    • SHA512

      816f61d93dc466465494c21247b96f97c1b37fe091c45cb5fbe4bb428b90ad79d42bc603648535beb85442230c1677864866943deea2146abe2d1e07dd050160

    • SSDEEP

      6144:9AbAYfbpFzgLgESONKgTOrHfziqAOziMD3f+WSoM7eu:9EAYfbpFzgLbSXNEt3eu

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks