General

  • Target: f5c34bd16d0615f1e39cfcb9a710e690N.exe
  • Size: 1.7MB
  • Sample: 240827-m8kj5ayhpn
  • MD5: f5c34bd16d0615f1e39cfcb9a710e690
  • SHA1: 6424b760dc6cb2cf668ef522babfeb7e3faa59b7
  • SHA256: 9a01d6ac3199098e0ed7323c677e27b5ec3175ac5799c8460da3b0b0885205dd
  • SHA512: 730fa53cf1b8f16f4f4400a3fd4e5079785fa7aaae0c02feb35dbc617175d5705bebca6371d8198bccec66eb52e470c0d3f7f6620ed71ddaacc73da1094172ac
  • SSDEEP: 12288:l5Y3fb/uuU1LhHFRwpWBBBBBBBVBBBBBBBBBBBiBBBBBBBBBBBBULlb6TW/3CrDN:Z8UG9

Malware Config

Extracted

  • Family: redline
  • Botnet: @Niodiym
  • C2: dishontesa.xyz:80

Extracted

  • Family: redline
  • Botnet: @wikech
  • C2: ierinapu.xyz:80

Targets

    • Target: f5c34bd16d0615f1e39cfcb9a710e690N.exe
    • Size: 1.7MB
    • MD5: f5c34bd16d0615f1e39cfcb9a710e690
    • SHA1: 6424b760dc6cb2cf668ef522babfeb7e3faa59b7
    • SHA256: 9a01d6ac3199098e0ed7323c677e27b5ec3175ac5799c8460da3b0b0885205dd
    • SHA512: 730fa53cf1b8f16f4f4400a3fd4e5079785fa7aaae0c02feb35dbc617175d5705bebca6371d8198bccec66eb52e470c0d3f7f6620ed71ddaacc73da1094172ac
    • SSDEEP: 12288:l5Y3fb/uuU1LhHFRwpWBBBBBBBVBBBBBBBBBBBiBBBBBBBBBBBBULlb6TW/3CrDN:Z8UG9

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT
      SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks