General

  • Target

    b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec

  • Size

    629KB

  • Sample

    240624-thdr8atgkj

  • MD5

    901a623dbccaa22525373cd36195ee14

  • SHA1

    9adb6dddb68cd7e116da9392e7ee63a8fa394495

  • SHA256

    b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec

  • SHA512

    eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d

  • SSDEEP

    12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y

Malware Config

Extracted

Family

redline

Botnet

wordfile

C2

185.38.142.10:7474

Targets

    • Target

      b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec

    • Size

      629KB

    • MD5

      901a623dbccaa22525373cd36195ee14

    • SHA1

      9adb6dddb68cd7e116da9392e7ee63a8fa394495

    • SHA256

      b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec

    • SHA512

      eabeba0eb9ae7e39577a7e313e50807cee1b888f1c8ff0fa375e5de9451a66471c791c23ea4f4af85151f96b065d55e8c1320026d8503a048a3e5968f8effc1d

    • SSDEEP

      12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks