General

  • Target

    24a0fca0ed4e41562a676366af495f6a.exe

  • Size

    641KB

  • Sample

    240716-lnrl9syfmd

  • MD5

    24a0fca0ed4e41562a676366af495f6a

  • SHA1

    16fcc47dee4d1aa73911dfe855e2053a27df176a

  • SHA256

    9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8

  • SHA512

    8d45ac314acb1ce1cd84fa0fcf157be39a01fbc51beb7a4b1412a250156a00018bbdfcc73226b4b1d9229b5c66b8402e605339b0dcc82681c6406e86debd5ed3

  • SSDEEP

    12288:QLH14GB65SbH8SLGjnlDENFTHzJXKc9cbehZDkR:i2SUnCNFTHzBcQZW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cheat

  • C2

    185.222.57.74:55615

Targets

    • Target

      24a0fca0ed4e41562a676366af495f6a.exe


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks