User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

General

  • Target

    sample3.exe

  • Size

    556KB

  • Sample

    240407-cma4fsac6w

  • MD5

    ea26fcaf8903da1bfe21acecc33c2603

  • SHA1

    951fd85f29b0182dc4b7358d1f7f6e604b63a1c8

  • SHA256

    00971cb6265f2b6ec80830e5bd41ed8f6df0102fd99fdc23f7dfef3d2a28ac46

  • SHA512

    f738729ac579c06ec8e19be352ce5c131d3c225c2307a6068dd2e11bff3d95139b7b33fb274fcb871d2c20f31210a2f2defd469f8a91d7d62b7582adbaed2ca7

  • SSDEEP

    12288:nglfloOJRYWq9DcElgYP4krKTIG/YZRIIhqsDGK30oQup4AHz:etoOJbWcIgYgkWZYL9tkqnz

Malware Config

Extracted

Family

redline

Botnet

Roly

C2

91.92.248.117:65012

Targets

    • Target

      sample3.exe

    • Size

      556KB

    • MD5

      ea26fcaf8903da1bfe21acecc33c2603

    • SHA1

      951fd85f29b0182dc4b7358d1f7f6e604b63a1c8

    • SHA256

      00971cb6265f2b6ec80830e5bd41ed8f6df0102fd99fdc23f7dfef3d2a28ac46

    • SHA512

      f738729ac579c06ec8e19be352ce5c131d3c225c2307a6068dd2e11bff3d95139b7b33fb274fcb871d2c20f31210a2f2defd469f8a91d7d62b7582adbaed2ca7

    • SSDEEP

      12288:nglfloOJRYWq9DcElgYP4krKTIG/YZRIIhqsDGK30oQup4AHz:etoOJbWcIgYgkWZYL9tkqnz

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the stealer can skip hosts in excluded regions.

    • Suspicious use of SetThreadContext

      Rewriting a thread's context is a common step in process hollowing and other code injection: a suspended thread is pointed at injected code before it is resumed.
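The hashes in General and the C2 in Malware Config are the indicators an analyst actually reuses. The script below is an added example, not part of the sandbox report or of any tool it names: it verifies a local file against the listed MD5/SHA1/SHA256 and flags connections to the extracted C2 in firewall-style log lines. The log lines are constructed for the demonstration, and the `dst=`/`dport=` field names are an assumption about the log format.

```python
import hashlib
import re

# Indicators copied from the report above (sample3.exe, RedLine botnet "Roly").
REPORT_HASHES = {
    "md5": "ea26fcaf8903da1bfe21acecc33c2603",
    "sha1": "951fd85f29b0182dc4b7358d1f7f6e604b63a1c8",
    "sha256": "00971cb6265f2b6ec80830e5bd41ed8f6df0102fd99fdc23f7dfef3d2a28ac46",
}
C2_HOST = "91.92.248.117"
C2_PORT = 65012

# Constructed firewall-style log lines for the demo; not real telemetry.
# The key=value layout is an assumption, adjust _CONN_RE for your own logs.
LOG_LINES = [
    "2024-04-07T02:14:11Z host=WS01 proto=tcp src=10.0.5.23 sport=49812 dst=142.250.74.78 dport=443 action=allow",
    "2024-04-07T02:14:19Z host=WS01 proto=tcp src=10.0.5.23 sport=49820 dst=91.92.248.117 dport=65012 action=allow",
    "2024-04-07T02:15:02Z host=WS07 proto=tcp src=10.0.5.40 sport=51003 dst=91.92.248.117 dport=80 action=allow",
    "2024-04-07T02:15:40Z host=WS01 proto=udp src=10.0.5.23 sport=53211 dst=10.0.0.2 dport=53 action=allow",
]

_CONN_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) dport=(?P<port>\d+)\b")


def verify_hashes(data: bytes, expected: dict) -> list:
    """Return the names of the algorithms in `expected` whose digest of `data` differs.

    An empty list means every supplied digest matched, i.e. the file on disk is
    the one the report describes. Only algorithms present in `expected` are checked.
    """
    mismatches = []
    for algo, digest in expected.items():
        actual = hashlib.new(algo, data).hexdigest()
        if actual != digest.lower():
            mismatches.append(algo)
    return sorted(mismatches)


def find_c2_connections(lines, host=C2_HOST, port=C2_PORT) -> list:
    """Return (line_index, confidence) for lines whose destination matches the C2.

    A hit on both the IP and the configured port is "high"; the same IP on another
    port is "medium" (rotated port or shared hosting) and still deserves a look.
    """
    hits = []
    for idx, line in enumerate(lines):
        m = _CONN_RE.search(line)
        if not m or m.group("ip") != host:
            continue
        confidence = "high" if int(m.group("port")) == port else "medium"
        hits.append((idx, confidence))
    return hits


if __name__ == "__main__":
    import sys

    # Usage: python iocs.py [path-to-sample]
    # Hashes the file (if given) against the report, then scans the demo log.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            bad = verify_hashes(fh.read(), REPORT_HASHES)
        print("hash mismatches:", bad or "none (file matches the report)")
    for idx, conf in find_c2_connections(LOG_LINES):
        print(f"{conf}: {LOG_LINES[idx]}")
```

Matching on the IP alone as well as on IP:port is deliberate: RedLine operators rotate ports on the same host far more often than they move hosts, so a port-only rule silently goes blind.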

MITRE ATT&CK Enterprise v15

Tasks