General

  • Target

    50012d6f8e95f51fd2859d308a17b29a337805a11ec2d7e70baf53ae9665cf8b.exe

  • Size

    1.2MB

  • Sample

    250128-g376cazqcp

  • MD5

    754a9aab48af50023442107487883ec2

  • SHA1

    ac6fcbaf337c23430d1772e108ca561a1ad01b12

  • SHA256

    50012d6f8e95f51fd2859d308a17b29a337805a11ec2d7e70baf53ae9665cf8b

  • SHA512

    2754e3358754eab821b1de741792827be140c074f1224d02e184eb12b7b4f58a3e0b5a440d9a449a7eb8783cd6df3ab65c5e7defe090bd19fe6f7a4b3f8cc977

  • SSDEEP

    24576:FX2jspZvLeoX7r4jNmbtfCThTJd68kVtujtf963+bnfFs0uAkZvWa7:rZvau7rm8sT3d6tQZ96ujq5Aev

Malware Config

Extracted

Family

redline

Botnet

Install_bot6

C2

101.99.92.189:57725
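The hashes and C2 endpoint above are the actionable indicators from this report. The following Python is an added example (not part of the sandbox report) showing how a responder would sweep for them: it verifies a candidate file against all three hashes at once, and scans Zeek-style conn.log lines for traffic to the C2, rating a host-and-port match as strong and a host-only match as weak (the port alone is not an indicator, since 57725 is an arbitrary high port). The log lines are constructed for illustration.

```python
"""IOC sweep for the RedLine sample in this report (added example)."""
import hashlib
import re
from dataclasses import dataclass

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "754a9aab48af50023442107487883ec2",
    "sha1": "ac6fcbaf337c23430d1772e108ca561a1ad01b12",
    "sha256": "50012d6f8e95f51fd2859d308a17b29a337805a11ec2d7e70baf53ae9665cf8b",
}
C2_HOST = "101.99.92.189"
C2_PORT = 57725


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of in-memory file contents as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only if every reported hash agrees; one mismatch means a different file."""
    computed = file_hashes(data)
    return all(computed[k] == v for k, v in IOC_HASHES.items())


@dataclass
class Hit:
    line_no: int
    src: str
    dst: str
    dport: int
    strength: str  # "strong" = host and port match, "weak" = host only


# Zeek conn.log style columns: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<uid>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)"
)


def sweep_conn_log(lines):
    """Return a Hit for every connection whose responder host is the reported C2."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = CONN_RE.match(line)
        if not m:
            continue  # header or malformed line
        if m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        strength = "strong" if dport == C2_PORT else "weak"
        hits.append(Hit(n, m["src"], m["dst"], dport, strength))
    return hits


# Constructed sample log (not from the report): one beacon to the reported C2 port,
# one connection to the same host on another port, one unrelated connection.
SAMPLE_CONN_LOG = [
    "#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto",
    "1738000001.123 CAbc01 10.0.0.15 49812 101.99.92.189 57725 tcp",
    "1738000002.456 CAbc02 10.0.0.15 49813 101.99.92.189 443 tcp",
    "1738000003.789 CAbc03 10.0.0.22 51000 93.184.216.34 443 tcp",
]

if __name__ == "__main__":
    for hit in sweep_conn_log(SAMPLE_CONN_LOG):
        print(hit)
    print("sample match:", matches_sample(b"not the sample"))
```

Run `matches_sample` over the bytes of any quarantined file to confirm it is this exact sample before reusing the report's behavioural findings; an MD5 or SHA1 match alone should not be trusted, which is why all three are required.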

Targets

    • Target

      50012d6f8e95f51fd2859d308a17b29a337805a11ec2d7e70baf53ae9665cf8b.exe


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A child process was created with a parent other than the calling process (parent PID spoofing), which hides the true process ancestry from EDR and forensic timelines.

    • Drops startup file

      A file was written to a Startup folder, a common persistence mechanism that should be checked on any infected host.

    • Suspicious use of SetThreadContext

      The thread context of another process was modified, typically a sign of process hollowing or another code-injection technique; the injected process, not the dropped file, may be the one beaconing to the C2.
