General
-
Target
slinkyloader.exe
-
Size
17.5MB
-
Sample
240421-s9f6zsee35
-
MD5
96ea9220bae88a463930e138631c1983
-
SHA1
61bf5000860e49f3c70983922110c575d03e6f19
-
SHA256
369b5e6e18c6f1b494147389106008ee284eb20e448d57dd8fd814b05884e7a8
-
SHA512
36eb783f0b0e0101ca4b911c483fbf9e1d11c7ee08e51edabb83e61db79fb5ba781199e29e780555c69edf1fa4fac364b49519ceb7031ac086243b0952a87087
-
SSDEEP
393216:b+c50Fa7K39n0LHOz3tcA/YFspJfUXvakYHQFSdbhALSVQtikwtW3Jigc:Hot3uLuz3tM6rfUXCkYgU/VQti/W35
Malware Config
Extracted
redline
cheat
month-washer.gl.at.ply.gg:33498
Targets
-
-
Target
slinkyloader.exe
-
Size
17.5MB
-
MD5
96ea9220bae88a463930e138631c1983
-
SHA1
61bf5000860e49f3c70983922110c575d03e6f19
-
SHA256
369b5e6e18c6f1b494147389106008ee284eb20e448d57dd8fd814b05884e7a8
-
SHA512
36eb783f0b0e0101ca4b911c483fbf9e1d11c7ee08e51edabb83e61db79fb5ba781199e29e780555c69edf1fa4fac364b49519ceb7031ac086243b0952a87087
-
SSDEEP
393216:b+c50Fa7K39n0LHOz3tcA/YFspJfUXvakYHQFSdbhALSVQtikwtW3Jigc:Hot3uLuz3tM6rfUXCkYgU/VQti/W35
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-