General

  • Target

    5c0d367fab1bd7c499b318e81980b717

  • Size

    2.3MB

  • Sample

    240115-ebjmkahfg4

  • MD5

    5c0d367fab1bd7c499b318e81980b717

  • SHA1

    540b90260ed89b4c0d8330c851dd542af52a7d0c

  • SHA256

    70a7b4539fd77466de9aebe4d1e8eca3282df072e12fb8c95f5906d611febc5f

  • SHA512

    4c99d846cf8e9c8c2209d3373c870e5e7663cfd2d5961d31d04457aebcaf6444faa46ae2e58b4237d2158b1f25123634b4c0fe7c6f6930192b957786d9b9fbb2

  • SSDEEP

    49152:s5+hF7EUttWAykEbkd9yhJKyB67kuqgcM/mmtr9xiz8lVHTIioOFZQ+z:s5aFr/eAiJKyo7kuN/ZtBxiqZ7z

Malware Config

Extracted

Family

redline

Botnet

@vodi4ka228

C2

45.14.49.109:54819
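
The C2 above is stored as a bare `ip:port`, and the hashes in the General section identify the file. The following is an added example, not part of the report or of any sandbox's own code, showing how a responder would turn those indicators into a check over network logs and file hashes. The Zeek `conn.log` records below are constructed for the example; an exact match on both the address and port 54819 is reported as high confidence, while traffic to the same host on another port is reported as medium confidence, since the page does not say the host serves anything else.

```python
"""Match the RedLine indicators above against a constructed Zeek conn.log."""
import ipaddress
import json

# Indicators copied from the report above.
REDLINE_C2 = "45.14.49.109:54819"
SAMPLE_HASHES = {
    "md5": "5c0d367fab1bd7c499b318e81980b717",
    "sha1": "540b90260ed89b4c0d8330c851dd542af52a7d0c",
    "sha256": "70a7b4539fd77466de9aebe4d1e8eca3282df072e12fb8c95f5906d611febc5f",
}


def parse_c2(c2):
    """Split 'ip:port' as the extracted config stores it; raises on a malformed value."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {c2!r}")
    return str(ipaddress.ip_address(host)), int(port)


C2_IP, C2_PORT = parse_c2(REDLINE_C2)

# Constructed JSON-format Zeek conn.log records (made up for this example, not from the page).
CONN_LOG = """\
{"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.25","id.orig_p":49712,"id.resp_h":"45.14.49.109","id.resp_p":54819,"proto":"tcp"}
{"uid":"C4J4Th3PJpwUYZZ6gc","id.orig_h":"10.0.0.25","id.orig_p":49713,"id.resp_h":"142.250.74.46","id.resp_p":443,"proto":"tcp"}
{"uid":"CtPZjS20MLrsMUOJi2","id.orig_h":"10.0.0.31","id.orig_p":51020,"id.resp_h":"45.14.49.109","id.resp_p":80,"proto":"tcp"}
"""


def match_connections(log_text):
    """Return [(uid, confidence)] for connections to the C2 host.

    Same address and port as the config -> "high"; same address, other port -> "medium".
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("id.resp_h") != C2_IP:
            continue
        confidence = "high" if rec.get("id.resp_p") == C2_PORT else "medium"
        hits.append((rec["uid"], confidence))
    return hits


def match_hash(algo, value):
    """Case-insensitive comparison of a file hash with the sample's hashes."""
    expected = SAMPLE_HASHES.get(algo.lower())
    return expected is not None and value.strip().lower() == expected


if __name__ == "__main__":
    for uid, confidence in match_connections(CONN_LOG):
        print(f"{uid}: {confidence}")
    print(match_hash("sha256", SAMPLE_HASHES["sha256"].upper()))
```

Hash comparison is normalised to lower case because EDR consoles and sandboxes disagree on case; the port-insensitive "medium" tier exists so a C2 operator moving the listener to a new port does not silently drop out of the match.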

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the stealer runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL
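
The "Checks computer location settings" signature above is triggered by registry reads of the user's country setting. As an added example (not the sandbox's own signature code, and not from the page), the script below applies that logic to a constructed Procmon-style CSV trace: registry query operations against the locale values under `HKCU\Control Panel\International` are collected per process. The page does not name which values the sample reads; `Geo\Nation`, `sCountry` and `LocaleName` are the values Windows stores the user's country and locale in, and treating those three as the geofence indicators is an assumption of this example.

```python
"""Flag registry reads of the user's country/locale settings in a Procmon-style trace."""
import csv
import io
import re

# Registry values Windows keeps the user's country and locale in. Which of these the
# sample actually reads is not stated on the page; this list is an assumption.
GEO_VALUE_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    re.compile(r"\\Control Panel\\International\\sCountry$", re.I),
    re.compile(r"\\Control Panel\\International\\LocaleName$", re.I),
]
# Only reads matter: a geofence consults the value, it does not set it.
READ_OPS = {"RegQueryValue", "RegQueryValueEx"}

# Constructed Procmon CSV export (made up for this example, not from the page).
TRACE_CSV = r"""Process Name,PID,Operation,Path,Result
5c0d367fab1bd7c499b318e81980b717.exe,4120,RegOpenKey,HKCU\Control Panel\International\Geo,SUCCESS
5c0d367fab1bd7c499b318e81980b717.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
5c0d367fab1bd7c499b318e81980b717.exe,4120,RegQueryValue,HKCU\Control Panel\International\sCountry,SUCCESS
explorer.exe,1888,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS
5c0d367fab1bd7c499b318e81980b717.exe,4120,RegQueryValue,HKCU\Control Panel\International\sShortDate,SUCCESS
"""


def geofence_lookups(trace_csv):
    """Return (pid, process, path) for every read of a country/locale registry value."""
    hits = []
    for row in csv.DictReader(io.StringIO(trace_csv)):
        if row["Operation"] not in READ_OPS:
            continue
        if any(pattern.search(row["Path"]) for pattern in GEO_VALUE_PATTERNS):
            hits.append((int(row["PID"]), row["Process Name"], row["Path"]))
    return hits


def flag_processes(trace_csv, min_lookups=1):
    """Group the lookups per process and flag those reading at least min_lookups distinct values."""
    per_process = {}
    for pid, process, path in geofence_lookups(trace_csv):
        per_process.setdefault((pid, process), set()).add(path)
    return {key: sorted(paths) for key, paths in per_process.items() if len(paths) >= min_lookups}


if __name__ == "__main__":
    for (pid, process), paths in flag_processes(TRACE_CSV).items():
        print(f"{process} (pid {pid}) read {len(paths)} locale value(s):")
        for path in paths:
            print("   ", path)
```

Unrelated locale reads such as `sShortDate` are deliberately not matched, since many legitimate programs read date and number formats; raising `min_lookups` to 2 trades a little recall for fewer false positives from software that queries a single locale value at startup.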
