General

  • Target: 6AFDD0CBDF70F3E75F423B1557648E85.exe
  • Size: 1.0MB
  • Sample: 241224-jzd47ssrgs
  • MD5: 6afdd0cbdf70f3e75f423b1557648e85
  • SHA1: 6c5cf72a38f08fd41b9f4943efaa4fa3b4d92c66
  • SHA256: f5a76af6335f9ea831901a5fac818c22393fdb2d0d9408ce373018b24a2ddb71
  • SHA512: b550dbba19c53f55d1433cfbd38fff724c9759da4232597f1b3213e98529f440854a32387eb4a7a7aea2b6a2601816e13b0cfd2ab8712c2f6ef0ec66a2c5028d
  • SSDEEP: 24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8abXTaR:ATvC/MTQYxsWR7abX

Malware Config

Extracted

  • Family: redline
  • Botnet: cheat
  • C2: 185.222.58.90:55615

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Sectoprat family
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks