General

  • Target

    5928745f1d5cab62de613b4c5f558df1

  • Size

    2.3MB

  • Sample

    240113-tnmbjsdag5

  • MD5

    5928745f1d5cab62de613b4c5f558df1

  • SHA1

    4a511b360df83b69f9144e6fb23f3ea0b133ccfd

  • SHA256

    10cdc1c1b8112716b5aec0caba5db1cef422176c550288f4952473c216357466

  • SHA512

    e81ce51d581ac136d5884730a8af696f006ddc2e6d6f334cfab9195f6db5e1f75adcddd53a6d4ebed60753e45cd65d19a15f25886b3dd3a988f5794b4e71df9a

  • SSDEEP

    49152:/5+hFVRTb0i5i+7baItMOV861aT0Sxiz8lVHTIioOFZQ+A:/5aFVSi5B7OICOV83ISxiqZ7A

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @lovefuckwithyourmom

  • C2

    xetadycami.xyz:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL
