General

  • Target

    1bc577dad75c1a9330733c7c0afd3acd

  • Size

    3.3MB

  • Sample

    231225-nw6ghagch6

  • MD5

    1bc577dad75c1a9330733c7c0afd3acd

  • SHA1

    30962e91f8a0738b310714fc1773f59691df80b5

  • SHA256

    8287099f75fb545e5d4227322ac149ba01daaba3f81b87b2555ad663b028ed78

  • SHA512

    2f7b38fa812409ea5bd0f22602e28926c2531d81b0055705334b1a380de9786e2c29262ff3b09f167f6a8f5ca6599b91297fe57600762df53dd26d7fba04a845

  • SSDEEP

    98304:RiAA5tD/+aIVLyVNlFRCJOSDF7UYET4Lpi4nnfVbff:Ri3br+zVUTUOShYYa+pi4nfVbH

Malware Config

Extracted

Family

redline

Botnet

@N4m1ko

C2

185.241.54.128:47729

Targets

    • Target

      1bc577dad75c1a9330733c7c0afd3acd

    • Size

      3.3MB

    • MD5

      1bc577dad75c1a9330733c7c0afd3acd

    • SHA1

      30962e91f8a0738b310714fc1773f59691df80b5

    • SHA256

      8287099f75fb545e5d4227322ac149ba01daaba3f81b87b2555ad663b028ed78

    • SHA512

      2f7b38fa812409ea5bd0f22602e28926c2531d81b0055705334b1a380de9786e2c29262ff3b09f167f6a8f5ca6599b91297fe57600762df53dd26d7fba04a845

    • SSDEEP

      98304:RiAA5tD/+aIVLyVNlFRCJOSDF7UYET4Lpi4nnfVbff:Ri3br+zVUTUOShYYa+pi4nfVbH

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks