General

  • Target: 2c7c43116980f49031c3d11869f4db677b51dd5ae14c1c7a56ee936c1e42a4cb.exe
  • Size: 632KB
  • Sample: 241124-jvzv4sxkfn
  • MD5: 976cde26312f2050f2e09dd776036845
  • SHA1: 5d362f318081f0751d3585261a78081d75170b9e
  • SHA256: 2c7c43116980f49031c3d11869f4db677b51dd5ae14c1c7a56ee936c1e42a4cb
  • SHA512: 2b7fec04dc4dc51781e2b02460ffe3603f539084c7d2ad79806ac906692414c3dd66a70895cd1a39f1bb894d22027a38c75190d3f292298eea4365ecd1b38ff4
  • SSDEEP: 12288:AmLKo7F7uh5W3ROmTVTkgQu8Zt30fGF9HBhC12qd3UwXXCoK:Am+o7Vo5W3agQuEtkeF9HBG9lO

Malware Config

  • Extracted
    • Family: redline
    • Botnet: cheat
    • C2: 185.222.57.81:55615

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks