General

  • Target

    1637661fced5903b3db6ad8f4633a729

  • Size

    1.0MB

  • Sample

    231230-mq1tdsbcgq

  • MD5

    1637661fced5903b3db6ad8f4633a729

  • SHA1

    877feda7fc9bcf645efb7c58382e8c398e7b4f9e

  • SHA256

    634206b8256faa12b0664ad3b1fb101d26d884d761688193fee177ce8ed48723

  • SHA512

    138c7ff28b0dab1ac095a9eded3684b68eaabdcba18f8fc860bfabab562ca5b4358aaf75a6d0644a44d440fab5a84d58eeaa813c8b2395074821635911736593

  • SSDEEP

    24576:rSLXjRGOsO3AhBe1Qnh0aZP000Ibavym04b+Jimrn+0MwduFMMh9I/T6:EzRGOsO3AhBe1zaN00qy7HQmrn+lrFy6

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Straight

  • C2

    2.56.59.35:43636

Targets

    • Target

      1637661fced5903b3db6ad8f4633a729

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks