General

  • Target

    aeb46a41343bbbfb2a1fc6b6eec7e60657361be81c61c3adaa11357898a45d4b.exe

  • Size

    1.0MB

  • Sample

    241225-c499wavpfp

  • MD5

    8a65e4ace5821564817c5f343352474c

  • SHA1

    5921aa00413c8ebcc7f639740e85f0389c8c7e09

  • SHA256

    aeb46a41343bbbfb2a1fc6b6eec7e60657361be81c61c3adaa11357898a45d4b

  • SHA512

    9a44c2c1838567b9b1e1280b338a2b5a6eddb0ad7310e078a9a74e3374ba826ba5344b627c3a06fef90da0168fb6d6349954e867ceb09b68de0eca068f11bb28

  • SSDEEP

    24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8aNVscHOCWth:WTvC/MTQYxsWR7aNVsfCC

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.58.90:55615

Targets

    • Target

      aeb46a41343bbbfb2a1fc6b6eec7e60657361be81c61c3adaa11357898a45d4b.exe

    • Size

      1.0MB

    • MD5

      8a65e4ace5821564817c5f343352474c

    • SHA1

      5921aa00413c8ebcc7f639740e85f0389c8c7e09

    • SHA256

      aeb46a41343bbbfb2a1fc6b6eec7e60657361be81c61c3adaa11357898a45d4b

    • SHA512

      9a44c2c1838567b9b1e1280b338a2b5a6eddb0ad7310e078a9a74e3374ba826ba5344b627c3a06fef90da0168fb6d6349954e867ceb09b68de0eca068f11bb28

    • SSDEEP

      24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8aNVscHOCWth:WTvC/MTQYxsWR7aNVsfCC

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks