General
-
Target
79c2644b6900df6336a9feddde98eae4
-
Size
798KB
-
Sample
240127-keltzsacak
-
MD5
79c2644b6900df6336a9feddde98eae4
-
SHA1
3717e912455e85d0262356aebccc937f0a4790d2
-
SHA256
bed4c9f14696cc59c90575c491b4b60208c9cb602da5b29a63cdabbf448135fe
-
SHA512
9e3f644519c36d7001c6a89f6f5191d4b8d2de5371f9336671eb5639313fb711e66dca89fd72bea94962c69ce30085833006ee3e21d47a787ab8f03eaf885d11
-
SSDEEP
12288:Yakftd38PlWKAi7oqXncg4+prNEnlmxkgcCMV29hJl5i8oirqGONZORMCjPeOAOK:zkftNiroqn4kNEZVHShPY8oWONWtAT
Malware Config
Extracted
redline
190.2.145.47:80
Extracted
redline
@big_tastyyy
87.251.71.44:80
Extracted
redline
@TyBaby_LZT
135.181.171.9:16077
Targets
-
-
Target
79c2644b6900df6336a9feddde98eae4
-
Size
798KB
-
MD5
79c2644b6900df6336a9feddde98eae4
-
SHA1
3717e912455e85d0262356aebccc937f0a4790d2
-
SHA256
bed4c9f14696cc59c90575c491b4b60208c9cb602da5b29a63cdabbf448135fe
-
SHA512
9e3f644519c36d7001c6a89f6f5191d4b8d2de5371f9336671eb5639313fb711e66dca89fd72bea94962c69ce30085833006ee3e21d47a787ab8f03eaf885d11
-
SSDEEP
12288:Yakftd38PlWKAi7oqXncg4+prNEnlmxkgcCMV29hJl5i8oirqGONZORMCjPeOAOK:zkftNiroqn4kNEZVHShPY8oWONWtAT
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-