General

  • Target

    5956d4f7e7ee67784eb1144040e52b5d

  • Size

    2.3MB

  • Sample

    240113-y76azsdeem

  • MD5

    5956d4f7e7ee67784eb1144040e52b5d

  • SHA1

    de6fb74735924dcf2463719652a9197b83dfff08

  • SHA256

    3bd79a5e14e5c1d9d33230d737e40c877c1bcf5eaa750fbf15eb9791b88a544c

  • SHA512

    d0a3069288fac6a86f476c0de03cf9d3174e4a3603519e6d20022335334741b0f2e101988e0c1770d8bbc3acf592618490e29598f549765dc67c4e8a6852a30c

  • SSDEEP

    49152:U5+hFCjbRCWEiyOqB9XNusVlAHrj6zjWxiz8lVHTIioOFZQ+Z:U5aF8CMY/3luOWxiqZ7Z

Malware Config

Extracted

Family

redline

Botnet

@kosmostarsz

C2

77.220.214.232:13459
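
The hashes and the extracted C2 above are what an analyst would immediately turn into checks: confirm that the file on disk is the sample this report describes before trusting any of its findings, and look for the C2 endpoint in network telemetry. The following is an added example, not part of the sandbox report. The digests and the C2 endpoint are copied from the report; the connection-log lines are constructed for the demonstration and do not come from the report.

```python
"""Check local artifacts against the indicators in this report."""
import hashlib

# Digests exactly as listed in the report.
REPORT_HASHES = {
    "md5": "5956d4f7e7ee67784eb1144040e52b5d",
    "sha1": "de6fb74735924dcf2463719652a9197b83dfff08",
    "sha256": "3bd79a5e14e5c1d9d33230d737e40c877c1bcf5eaa750fbf15eb9791b88a544c",
    "sha512": "d0a3069288fac6a86f476c0de03cf9d3174e4a3603519e6d20022335334741b0f2e101988e0c1770d8bbc3acf592618490e29598f549765dc67c4e8a6852a30c",
}
# C2 endpoint extracted from the RedLine config.
C2_HOST = "77.220.214.232"
C2_PORT = 13459


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists over the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_mismatches(data: bytes) -> list:
    """Names of digests that differ from the report; an empty list means
    the bytes are the sample this report describes."""
    actual = file_hashes(data)
    return [name for name, digest in REPORT_HASHES.items() if actual[name] != digest]


# Constructed connection log (not from the report), tab-separated in Zeek
# conn.log column order for the fields used here:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONSTRUCTED_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1705100001.1\tCa1\t10.0.0.5\t49712\t93.184.216.34\t443\ttcp
1705100002.2\tCb2\t10.0.0.5\t49713\t77.220.214.232\t13459\ttcp
1705100003.3\tCc3\t10.0.0.5\t49714\t77.220.214.232\t80\ttcp
1705100004.4\tCd4\t10.0.0.7\t51000\t77.220.214.232\t13459\ttcp
"""


def c2_hits(conn_log: str) -> list:
    """Flows to the C2 host, flagged 'exact' when the port also matches.

    Host-only hits are kept deliberately: the port can change between
    builds while the host persists, so they are worth a look, but they
    are lower confidence than a host:port match.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue  # skip Zeek header lines and blanks
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst != C2_HOST:
            continue
        hits.append({"ts": ts, "src": src, "dst_port": int(dport),
                     "exact": int(dport) == C2_PORT})
    return hits


if __name__ == "__main__":
    with open("sample.bin", "rb") as fh:  # assumed local path to the file under analysis
        missing = hash_mismatches(fh.read())
    print("sample matches report" if not missing else f"digest mismatch: {missing}")
    for hit in c2_hits(CONSTRUCTED_CONN_LOG):
        level = "HIGH" if hit["exact"] else "MEDIUM"
        print(f"{level}: {hit['src']} -> {C2_HOST}:{hit['dst_port']} at {hit['ts']}")
```

Verify all four digests, not just MD5: MD5 and SHA1 collisions are practical, and a sample whose MD5 matches but whose SHA256 does not is a different file. The `sample.bin` path is a placeholder for wherever the analyst stored the file.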

Targets

    • Target

      5956d4f7e7ee67784eb1144040e52b5d

    • Size

      2.3MB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs in the current locale.

    • Executes dropped EXE

    • Loads dropped DLL
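
A practitioner reproducing the geofence behaviour flagged above would change the sandbox VM's configured country and re-run the sample to see whether it exits early. The following is an added example, not code from the report or from the malware. The report says only that the sample reads the configured country code from the registry; which value it reads is an assumption here (HKCU\Control Panel\International\Geo\Nation, the Windows GeoID), and the .reg export text, the GeoID subset and the excluded-GeoID list are constructed placeholders for the demonstration.

```python
"""Simulate a registry-based country check against a .reg export."""
import re

# Small subset of Windows GeoIDs, only to make output readable (assumed values).
GEOID_NAMES = {"244": "US", "203": "RU", "241": "UA", "29": "BY", "137": "KZ"}

GEO_KEY = r"[hkey_current_user\control panel\international\geo]"

# Constructed .reg export (not from the report) as `reg export` would write it.
CONSTRUCTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"LocaleName"="ru-RU"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="203"
"Name"="RU"
"""


def nation_geoid(reg_text: str):
    """Return the GeoID stored under ...\\International\\Geo\\Nation, or None."""
    in_geo = False
    for line in reg_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_geo = s.lower() == GEO_KEY  # key headers are case-insensitive
            continue
        if in_geo:
            m = re.match(r'^"Nation"="(\d+)"$', s)
            if m:
                return m.group(1)
    return None


def would_abort(reg_text: str, excluded_geoids: set) -> bool:
    """True if a geofenced sample using this check would refuse to run.

    `excluded_geoids` is a placeholder: the report does not say which
    countries the sample avoids, so the caller supplies the list under test.
    """
    geoid = nation_geoid(reg_text)
    return geoid is not None and geoid in excluded_geoids


if __name__ == "__main__":
    geoid = nation_geoid(CONSTRUCTED_REG_EXPORT)
    print(f"configured GeoID: {geoid} ({GEOID_NAMES.get(geoid, '?')})")
    print("aborts:", would_abort(CONSTRUCTED_REG_EXPORT, {"203"}))
```

Run it against an export from the sandbox VM (`reg export "HKCU\Control Panel\International" intl.reg`) with different locales configured; a sample that exits in one locale and runs in another confirms the geofence. Because the malware reads the value at run time, a detonation in a default en-US VM can look benign while the same file is fully active elsewhere.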

MITRE ATT&CK Enterprise v15