General
-
Target
05a91c28d71e445605a0273271b8d19d11068c5b5c18460228d4fcdd5a615d72
-
Size
785KB
-
Sample
240308-vh7kzada91
-
MD5
1b67cf4ddefeb9a7fe5b6d9ec70576f9
-
SHA1
fc7ab4eb762a7b9449689f14ba7cbcd6faa56caf
-
SHA256
05a91c28d71e445605a0273271b8d19d11068c5b5c18460228d4fcdd5a615d72
-
SHA512
013ab2ee5c7d6f4dfa47f08a9ed8011f41409d8a7879960bda577d5e02ccacc337fcc52817d199421eb259305386cb81ebe0a84fec5fd74fca6b1bf2e472123b
-
SSDEEP
24576:/DkUNi1EvGdWbYJGzC9bUPBgWbN+WfT4Y:/DkUrOdWbD7eycWcY
Malware Config
Extracted
redline
cheat
185.222.57.69:55615
Targets
-
-
Target
05a91c28d71e445605a0273271b8d19d11068c5b5c18460228d4fcdd5a615d72
-
Size
785KB
-
MD5
1b67cf4ddefeb9a7fe5b6d9ec70576f9
-
SHA1
fc7ab4eb762a7b9449689f14ba7cbcd6faa56caf
-
SHA256
05a91c28d71e445605a0273271b8d19d11068c5b5c18460228d4fcdd5a615d72
-
SHA512
013ab2ee5c7d6f4dfa47f08a9ed8011f41409d8a7879960bda577d5e02ccacc337fcc52817d199421eb259305386cb81ebe0a84fec5fd74fca6b1bf2e472123b
-
SSDEEP
24576:/DkUNi1EvGdWbYJGzC9bUPBgWbN+WfT4Y:/DkUrOdWbD7eycWcY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-