General
-
Target
58a192c56eff7d48740607232cea9d49
-
Size
1.3MB
-
Sample
240113-lzcmgsgbbr
-
MD5
58a192c56eff7d48740607232cea9d49
-
SHA1
6bde1b43b0eabaa2151f5126c102eb3cc5dbb693
-
SHA256
2bc19a1a48254b0ce6a30f471c0e870ceff05ef8ab66ce5d9bb4ecae869d3b10
-
SHA512
cf97dfe3d719f05d0bbbeaf78d8e26cfe3234480e1ef98c1888b2bd316d04777c022f78d09b64f079d07a22520e7df3dc3b5eeba21346ac1f6b1eb464f78beff
-
SSDEEP
6144:HgICFP7B/5KbOPSaCkSF0UcUm2m5haafXbQHtp5lICT+5Bj9hvKtmXmL+DV/bHMN:8Qi8lICT+5Bj9hkJ
Malware Config
Extracted
redline
proliv2
136.243.65.8:48715
Targets
-
-
Target
58a192c56eff7d48740607232cea9d49
-
Size
1.3MB
-
MD5
58a192c56eff7d48740607232cea9d49
-
SHA1
6bde1b43b0eabaa2151f5126c102eb3cc5dbb693
-
SHA256
2bc19a1a48254b0ce6a30f471c0e870ceff05ef8ab66ce5d9bb4ecae869d3b10
-
SHA512
cf97dfe3d719f05d0bbbeaf78d8e26cfe3234480e1ef98c1888b2bd316d04777c022f78d09b64f079d07a22520e7df3dc3b5eeba21346ac1f6b1eb464f78beff
-
SSDEEP
6144:HgICFP7B/5KbOPSaCkSF0UcUm2m5haafXbQHtp5lICT+5Bj9hvKtmXmL+DV/bHMN:8Qi8lICT+5Bj9hkJ
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Turns off Windows Defender SpyNet reporting
-
UAC bypass
-
Windows security bypass
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1