General

  • Target

    74e9e75ac1a13c0b228581c7d81ec2cc

  • Size

    2.3MB

  • Sample

    231226-rkw1gadhcm

  • MD5

    74e9e75ac1a13c0b228581c7d81ec2cc

  • SHA1

    730c2a7a8d6e4b310ad8dab1e41698d839770071

  • SHA256

    402ae20b6a6fe9aba08d29b69a517c400bb18353379d25d232cb86ba11788c0f

  • SHA512

    469a6f9e8e6d3dd1c43f13fb809decb573f6567f25fcb256efcb98f10ddb8f2a112584620037dc0aa0d7e5e5a84cc4a9b30c6de4d0fe331fd08f33ca237f17bf

  • SSDEEP

    49152:D5+hFGERYyZIPZwPf+DLwa7OMxqr9gRtUWxWN6w3XPhe88xiz8lVHTIioOFZQ+5:D5aFGEVIPZKf+/lXqrUtU4wvhe88xiqb

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @un6329

  • C2

    xetadycami.xyz:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL
