General

  • Target

    567b2021c7a3db81cfd1421d3d7d37a1

  • Size

    978KB

  • Sample

    240112-ptxx1sgfe4

  • MD5

    567b2021c7a3db81cfd1421d3d7d37a1

  • SHA1

    5b6e3b6c6840cc282f7458af24dc18ea03c44009

  • SHA256

    4a0d83439be8a28152984b5800a6a1882d95e5ac361ad24131a688237bf403b7

  • SHA512

    bcc4cf1230cd7f51a813c48b984dc152d19f53ad10f0621f36903a528d408d01e488021d8d8f5f392b95c82fa3236f2aa14db3d2ad4dd128cf2ccc028b460675

  • SSDEEP

    24576:tr065nEVHc2YRQCWnwO5BqGff8NfMuYETj5mWGYlyy/2zw:trpnRwwAfwMG5mWGYlyM2

Malware Config

Extracted

Family

redline

Botnet

@Cryptex777

C2

109.248.203.166:29888

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15