General

  • Target

    97ab9da06e998b7ab2740c1eed04fd499cc9a1343984f81e12ef9f2b5b922af4.exe

  • Size

    419KB

  • Sample

    241124-kzbvhssqgz

  • MD5

    6614d6b6072570d91186bed944d030d0

  • SHA1

    78a44efc9bc939be89f3c56db781d34379fadb3b

  • SHA256

    97ab9da06e998b7ab2740c1eed04fd499cc9a1343984f81e12ef9f2b5b922af4

  • SHA512

    f03c2b7b2756b7acdfef8759cb50cdf502f8140c18dc228ae5bb3195eb4350f25663354eb9fdf2870e0703c242d4a7a9e8c610169eccb9037d99487bf8ef5f04

  • SSDEEP

    12288:bAdHH7N9oN1hSm1ynzlMDF7VPJBAotOB/ja:b0HbNqhquDdVPzgja

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Attributes
  • auth_value

    a272f3a2850ec3dccdaed97234b7c40e
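Added example, not part of the Triage report: a small Python helper that turns the indicators extracted above into the checks a responder would actually run, namely confirming that a file on disk is this sample (all four digests, not just MD5), hunting for flows to the C2 endpoint in Zeek-style conn.log records, and emitting a Suricata rule for it. The hash values and the C2 host and port are copied from the report; the conn.log lines are constructed, the placeholder file hashed in demo() is not the real sample, and the rule assumes TCP transport (RedLine's C2 channel is TCP; the "UDP" under Botnet above is the campaign label from the extracted config, not the protocol).

```python
"""IOC checks for the RedLine sample in the report above (added example)."""
import hashlib
import os
import tempfile

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "6614d6b6072570d91186bed944d030d0",
    "sha1": "78a44efc9bc939be89f3c56db781d34379fadb3b",
    "sha256": "97ab9da06e998b7ab2740c1eed04fd499cc9a1343984f81e12ef9f2b5b922af4",
    "sha512": "f03c2b7b2756b7acdfef8759cb50cdf502f8140c18dc228ae5bb3195eb4350f2"
              "5663354eb9fdf2870e0703c242d4a7a9e8c610169eccb9037d99487bf8ef5f04",
}
C2_HOST = "45.9.20.182"
C2_PORT = 52236


def _digests(chunks):
    """Feed an iterable of byte chunks to every algorithm in SAMPLE_HASHES."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory blob."""
    return _digests([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file, read in chunks so large droppers do not need RAM."""
    with open(path, "rb") as fh:
        return _digests(iter(lambda: fh.read(chunk_size), b""))


def verify_sample(path, expected=SAMPLE_HASHES):
    """Return {algorithm: (expected, actual)} for every mismatching digest.

    An empty dict means the file on disk is the reported sample.
    """
    actual = hash_file(path)
    return {name: (expected[name], actual[name])
            for name in expected if actual[name] != expected[name].lower()}


def find_c2_connections(log_lines, host=C2_HOST, port=C2_PORT):
    """Scan Zeek conn.log-style TSV records for flows to the C2.

    Column layout assumed (a constructed subset of Zeek's conn.log):
    ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
    Only an exact host AND port match counts; the same IP on another port
    is reported separately by the caller if wanted.
    """
    hits = []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h == host and resp_p == str(port):
            hits.append({"ts": ts, "uid": uid, "src": orig_h, "proto": proto})
    return hits


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=1000001):
    """Suricata rule for outbound traffic to the C2 (assumes TCP; see note)."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine Stealer C2 {host}:{port}"; '
            f'flow:established,to_server; classtype:trojan-activity; '
            f'sid:{sid}; rev:1;)')


# Constructed records: a benign flow, the C2 flow, and the C2 IP on port 80.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1732446000.1\tCabc1\t10.0.0.5\t51000\t142.250.74.68\t443\ttcp",
    "1732446012.7\tCdef2\t10.0.0.5\t51001\t45.9.20.182\t52236\ttcp",
    "1732446020.3\tCghi3\t10.0.0.7\t51002\t45.9.20.182\t80\ttcp",
]


def demo():
    """Hash a constructed placeholder file (not the sample) and scan the log."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"MZ constructed placeholder, not the real sample\n")
        path = tmp.name
    try:
        mismatches = verify_sample(path)
    finally:
        os.unlink(path)
    return mismatches, find_c2_connections(SAMPLE_CONN_LOG)


if __name__ == "__main__":
    mism, hits = demo()
    print("hash mismatches:", sorted(mism))
    print("C2 hits:", hits)
    print(suricata_rule())
```

Run it against the real binary with `verify_sample("/path/to/sample.exe")` once the file is in an isolated analysis VM; a non-empty result means you are not looking at the file this report describes, which matters because reports on repacked RedLine builds share family and C2 but not hashes.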

Targets

    • Target

      97ab9da06e998b7ab2740c1eed04fd499cc9a1343984f81e12ef9f2b5b922af4.exe

    • Size

      419KB

    • MD5

      6614d6b6072570d91186bed944d030d0

    • SHA1

      78a44efc9bc939be89f3c56db781d34379fadb3b

    • SHA256

      97ab9da06e998b7ab2740c1eed04fd499cc9a1343984f81e12ef9f2b5b922af4

    • SHA512

      f03c2b7b2756b7acdfef8759cb50cdf502f8140c18dc228ae5bb3195eb4350f25663354eb9fdf2870e0703c242d4a7a9e8c610169eccb9037d99487bf8ef5f04

    • SSDEEP

      12288:bAdHH7N9oN1hSm1ynzlMDF7VPJBAotOB/ja:b0HbNqhquDdVPzgja

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020; it harvests browser credentials, cookies, cryptocurrency wallets and host information and sends them to a C2 such as the one extracted above.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019. The signature fires on the same binary as the RedLine match above; the extracted configuration is RedLine's.

    • SectopRAT payload

    • Sectoprat family

MITRE ATT&CK Enterprise v15

Tasks