General

  • Target

    5bfda514826e4aad6f860d4a855f6ebb

  • Size

    1.1MB

  • Sample

    240115-ds2c9sgdaj

  • MD5

    5bfda514826e4aad6f860d4a855f6ebb

  • SHA1

    46c9fb3c70fa458f5af1b6238fbb92492dea91b5

  • SHA256

    d38fb3d87631e08a1988115b93b84edd25b2c0353f59397af88440fef5844048

  • SHA512

    7e82c546be3c40155948cd7f39e79900dd45a3dce55d8cf35556d4ad7653744fcff7523395ee11d36af755e3ba60e72600113b17b842e5c527fdbdad52977368

  • SSDEEP

    24576:ZSLXnYt0osqcFIj/qpXUHccGMR1/Mih+bTnFYL1pFYwkF5RDgh8n9:io+qAY/qpE8+D/MimrFYRorFfg29

Malware Config

Extracted

Family

redline

Botnet

sonia

C2

94.103.82.22:49018
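The extracted configuration above gives two actionable indicators: the C2 endpoint 94.103.82.22:49018 and the sample hashes. The following Python is an added example written for this page (it is not part of the Triage report or any RedLine tooling) that turns those indicators into a sweep over network and file telemetry. The Zeek-style conn.log columns, the key=value file-event format, the severity scheme (host+port match is "high", host-only match is "medium") and the sample log lines are all constructed assumptions for illustration.

```python
"""Sweep constructed telemetry for the IOCs extracted from this sample.

Added example, not code from the Triage report. Indicators are copied from
the page; log formats and sample records are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Indicators copied from the extracted config and hash list above.
C2_HOST = "94.103.82.22"
C2_PORT = 49018
FAMILY = "redline"
BOTNET = "sonia"
SAMPLE_HASHES = {
    "md5": "5bfda514826e4aad6f860d4a855f6ebb",
    "sha1": "46c9fb3c70fa458f5af1b6238fbb92492dea91b5",
    "sha256": "d38fb3d87631e08a1988115b93b84edd25b2c0353f59397af88440fef5844048",
}


@dataclass(frozen=True)
class Hit:
    severity: str   # "high" (host+port or hash match) or "medium" (host only)
    source: str     # "conn" or "file"
    indicator: str  # the IOC that matched
    record: str     # the raw log line, kept for the analyst


def scan_conn_log(text):
    """Scan Zeek-style conn.log lines (tab-separated; assumed column order:
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
    '#' header/comment lines are skipped. A connection to the C2 host on a
    different port is still reported, at lower confidence, because the
    operator may rotate ports while keeping the host."""
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed record; a real pipeline would log this
        resp_h, resp_p = fields[4], fields[5]
        if resp_h != C2_HOST:
            continue
        try:
            port = int(resp_p)
        except ValueError:
            continue
        if port == C2_PORT:
            hits.append(Hit("high", "conn", f"{C2_HOST}:{C2_PORT}", line))
        else:
            hits.append(Hit("medium", "conn", C2_HOST, line))
    return hits


# key=value or key="quoted value" pairs (constructed file-event format)
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def scan_file_events(text):
    """Scan key=value file-event lines for any of the sample's hashes.
    Comparison is case-insensitive because EDRs differ in digest casing."""
    wanted = {v.lower(): k for k, v in SAMPLE_HASHES.items()}
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = {k: v.strip('"') for k, v in _KV.findall(line)}
        for algo in ("md5", "sha1", "sha256"):
            digest = kv.get(algo, "").lower()
            if digest in wanted:
                hits.append(Hit("high", "file", f"{algo}:{digest}", line))
                break  # one hit per record is enough
    return hits


def suricata_rule(sid):
    """Render a Suricata rule for the C2 endpoint; sid is supplied by the caller."""
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"{FAMILY.upper()} C2 beacon (botnet {BOTNET})"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed sample telemetry (not real logs): one C2 beacon, one benign
# HTTPS flow, one flow to the C2 host on an unexpected port.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1705300000.1\tCx1\t10.0.0.5\t51234\t94.103.82.22\t49018\ttcp
1705300001.2\tCx2\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp
1705300002.3\tCx3\t10.0.0.7\t51236\t94.103.82.22\t443\ttcp
"""
SAMPLE_FILE_EVENTS = """\
host=WS01 path="C:\\Users\\a\\Downloads\\setup.exe" md5=5BFDA514826E4AAD6F860D4A855F6EBB
host=WS02 path="C:\\Windows\\notepad.exe" md5=00000000000000000000000000000000
"""

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG) + scan_file_events(SAMPLE_FILE_EVENTS):
        print(hit.severity, hit.source, hit.indicator, "|", hit.record)
    print(suricata_rule(1000001))
```

Run as a script it prints two network hits (one high, one medium), one file hit, and the generated rule; import it to reuse the scanners against your own exports of conn.log or EDR file events once the column order is adjusted to match.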

Targets

    • Target

      5bfda514826e4aad6f860d4a855f6ebb

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (refusing to run in certain countries).

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15