General
-
Target
24a0fca0ed4e41562a676366af495f6a.exe
-
Size
641KB
-
Sample
240716-lnrl9syfmd
-
MD5
24a0fca0ed4e41562a676366af495f6a
-
SHA1
16fcc47dee4d1aa73911dfe855e2053a27df176a
-
SHA256
9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8
-
SHA512
8d45ac314acb1ce1cd84fa0fcf157be39a01fbc51beb7a4b1412a250156a00018bbdfcc73226b4b1d9229b5c66b8402e605339b0dcc82681c6406e86debd5ed3
-
SSDEEP
12288:QLH14GB65SbH8SLGjnlDENFTHzJXKc9cbehZDkR:i2SUnCNFTHzBcQZW
Malware Config
Extracted
redline
cheat
185.222.57.74:55615
Targets
-
-
Target
24a0fca0ed4e41562a676366af495f6a.exe
-
Size
641KB
-
MD5
24a0fca0ed4e41562a676366af495f6a
-
SHA1
16fcc47dee4d1aa73911dfe855e2053a27df176a
-
SHA256
9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8
-
SHA512
8d45ac314acb1ce1cd84fa0fcf157be39a01fbc51beb7a4b1412a250156a00018bbdfcc73226b4b1d9229b5c66b8402e605339b0dcc82681c6406e86debd5ed3
-
SSDEEP
12288:QLH14GB65SbH8SLGjnlDENFTHzJXKc9cbehZDkR:i2SUnCNFTHzBcQZW
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-