General

  • Target

    0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1

  • Size

    1004KB

  • Sample

    230206-q6esmshd8w

  • MD5

    b726e7acb36c6eef97e9a9f2fef000b2

  • SHA1

    804f59f453347613e015f4c981306c338398cfe4

  • SHA256

    0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1

  • SHA512

    0cf3eb1105c0a750dd4563a0707620e334ac881faf604e10ba06745f8399826b9a1e813c2d44025b9f9760a6404a5403d71062ab19ee00323eee0c85c23c4857

  • SSDEEP

    24576:cIv5QimqIakPrYsMdX3gU22+c5c6apVuXgm:nOXUXwF2Nrg

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.88.231.102:60891

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks