General

  • Target

    5738d596be68071de7786712b5410024

  • Size

    2.3MB

  • Sample

    240112-xfn2ysdefp

  • MD5

    5738d596be68071de7786712b5410024

  • SHA1

    6245023401af7c614e5dcb61d657f41c17233ccd

  • SHA256

    03469423c7c63f0144fc8e3135db3efd65f0a15bbc80c374236792f820633310

  • SHA512

    93e08c9d3c194f4fa290113eb9bae836b79f512ae2b8a0c68430c3acd4ac170d1f6d47b2ff3ce0d673651afed388ad8206acd9856122b7d95972e8c9827d2668

  • SSDEEP

    49152:hYVPdezBnlW4Es4e3yIvLb59ou2cfJ6xiz8lVHTIioOFZQ+y:hkQlQ4tTP7xJ6xiqZ7y

Malware Config

Extracted

Family

redline

Botnet

@janhidf

C2

45.14.12.90:52072

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks