General

  • Target

    5824addc5cace9168fb18810a557998d

  • Size

    2.3MB

  • Sample

    240113-gj33aadbar

  • MD5

    5824addc5cace9168fb18810a557998d

  • SHA1

    f6578c7764eafd0f62027781e131e182cf840786

  • SHA256

    fa6a68e4dff9c701b5a7e4d621dfd67dda338e2c1eae3180d69abae2b2abafcd

  • SHA512

    fd5722eb620fb181ba19be493baa27baaf2a6556575ab6a15b31bdd184a0de88d8e3407c141a4e87c52f37b117d82444ef50c477cd2e0398cfdc8e24a705f4f8

  • SSDEEP

    49152:M5+hFb9qaxBvTd8gNzZLNWT5VJtzFrzezgvGjo+WXxiz8lVHTIioOFZQ+/:M5aFb5kczTWT9tzFrKlhmxiqZ7/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Makarenaq

  • C2

    45.14.49.109:21295
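The hashes in the General section and the extracted C2 endpoint above are the actionable indicators on this page. The following is an added example (not Tria.ge's tooling and not part of the original report) that shows how a responder would consume them: it copies the report's IOC values into a table, hashes a file once with all four digests in a single pass, and matches observed hashes and connections against the table. The sample inputs in the test are constructed; the IOC values are the ones printed in this report.

```python
"""Match file hashes and network connections against the IOCs in this report.

Added example; not part of the sandbox report or the vendor's tooling. The
values in REPORT_IOCS are copied from the report above; any other data is
constructed for illustration.
"""
import hashlib

# IOCs taken from the report: digests of the analysed sample and the
# RedLine C2 endpoint extracted from its configuration.
REPORT_IOCS = {
    "family": "redline",
    "botnet": "@Makarenaq",
    "c2": {("45.14.49.109", 21295)},
    "hashes": {
        "md5": "5824addc5cace9168fb18810a557998d",
        "sha1": "f6578c7764eafd0f62027781e131e182cf840786",
        "sha256": "fa6a68e4dff9c701b5a7e4d621dfd67dda338e2c1eae3180d69abae2b2abafcd",
        "sha512": "fd5722eb620fb181ba19be493baa27baaf2a6556575ab6a15b31bdd184a0de88d8e3407c141a4e87c52f37b117d82444ef50c477cd2e0398cfdc8e24a705f4f8",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests for every algorithm the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four digests in one read pass."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_hashes(digests: dict) -> list:
    """Algorithms whose digest equals the report's value (case-insensitive).

    One match is enough to identify the sample; returning every algorithm
    that hit lets the caller spot a partially corrupted IOC record (e.g. an
    MD5 match with a SHA256 mismatch).
    """
    return [a for a in ALGOS
            if digests.get(a, "").lower() == REPORT_IOCS["hashes"][a]]


def parse_endpoint(text: str) -> tuple:
    """Parse 'ip:port' in the form the report prints the C2 field."""
    host, _, port = text.rpartition(":")
    return host, int(port)


def match_connections(endpoints) -> list:
    """Return the (ip, port) tuples that equal the extracted C2 endpoint."""
    return sorted(set(endpoints) & REPORT_IOCS["c2"])


def triage(digests: dict, endpoints) -> dict:
    """Combine both checks and name the family when either one hits."""
    hits = {"hashes": match_hashes(digests),
            "c2": match_connections(endpoints)}
    hits["family"] = REPORT_IOCS["family"] if (hits["hashes"] or hits["c2"]) else None
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python match_iocs.py <file> [ip:port ...]
    observed = [parse_endpoint(e) for e in sys.argv[2:]]
    print(triage(hash_file(sys.argv[1]), observed))
```

The connection check matches on the exact ip:port pair because a stealer's C2 host frequently serves other ports or rotates; a hit on the address alone is a weaker signal and should be recorded separately if used.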

Targets

    • Target

      5824addc5cace9168fb18810a557998d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample can skip hosts in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL
