General
-
Target
4ec07b8e03c6decbd6a69fd6205134cc.bin
-
Size
59KB
-
Sample
240628-c5ppkazblm
-
MD5
e3963e4376a3b317076970ce9de61898
-
SHA1
d319a24c3b67ceb50505bfcb48ea3935e0b9af97
-
SHA256
b7c1ffe1755532836fbe294aeac5ce8849706ef18ee00438ea697094f7155c03
-
SHA512
1a249506f02d1afaa823332420f62580353504fc7ee3e05dc7ba94982462932cdf84350c64b1241540b668ccd90389f03e2ff5087d1bb26d5e73ac0704a51a3e
-
SSDEEP
1536:4n3hNNlp/y/773vf9r6N2V3GOUNeGsJdbPDtKlm:4n3rHp/I5eNQ3GOUNZW8lm
Malware Config
Extracted
redline
tst
194.55.186.87:4483
Targets
-
-
Target
3d41c549e3605066d3308fe88c6c4674840a2fae493f53ccd777f4c40744caf5.exe
-
Size
137KB
-
MD5
4ec07b8e03c6decbd6a69fd6205134cc
-
SHA1
d7e39255e93b6b45e71accf53ae063973d317c79
-
SHA256
3d41c549e3605066d3308fe88c6c4674840a2fae493f53ccd777f4c40744caf5
-
SHA512
ecd9cb4b3ed871d31055d6670b9c7729c43f14015a310365de4b57493a56f8eaed290a74b01b81687747a3348da39c786783260076dbe4c43ec3d87cd18ba6e6
-
SSDEEP
3072:bzWhTc8VndpIVANtDI0wMuedstt+R1ATIiQKRMs6x:byhTc8TpIVANtnwMuedTHAbRM
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Suspicious use of SetThreadContext
-