General

  • Target

    15f1bb02ce136666cc8e01c262598d2b

  • Size

    2.3MB

  • Sample

    231225-l4gf8sdad6

  • MD5

    15f1bb02ce136666cc8e01c262598d2b

  • SHA1

    3f31503cc9435bd992a995802832f13bd3d33ef1

  • SHA256

    3aec785475880404e178721637b1a15a4990ba20af83b1c42db8d73924fa8563

  • SHA512

    47cfba10258b5cc961abb4364479c2d79d4735a4fd61e4fabf51f695e54bccf1714d7a2f0a4f2a0442f637770c849aabfce0a473f8d2271007c8148ca0567171

  • SSDEEP

    49152:Y5+hFdY/2Ypqe3xwW4wnndRgde6DJzw5/5M6xiz8lVHTIioOFZQ+C:Y5aFa+QxwtwndRMe2A/hxiqZ7C

Malware Config

Extracted

Family

redline

Botnet

@keynejkee

C2

45.12.213.248:36372

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15