General
-
Target
12f9806ad64e90f6276302e3c023fb71.exe
-
Size
5KB
-
Sample
241016-3yz5tszhma
-
MD5
12f9806ad64e90f6276302e3c023fb71
-
SHA1
769b8bdcd4e87324fc7b05d07b600842ceba3aed
-
SHA256
8a5b6b6a2d9cd640f59a4c7ed58ad3bbc54268205dd3899356f5cb99a9352a78
-
SHA512
7700b9b3ddf0eae92daa73d098a1c081428b3cdd754293912217b20ef6086e227915d3dfe8cb86d15e00b3a39377bb67ca2c96172b628bff6389f7ec602927f1
-
SSDEEP
48:6LaoejN+CAc+CJrjV6CIndMh0Dc7bVrricqDsKrQ7tieK8CNJjpfbNtm:QWNPAc+CJrR6a0Dclri3DADNizNt
Malware Config
Extracted
redline
7772121777
87.120.127.223:42128
Targets
-
-
Target
12f9806ad64e90f6276302e3c023fb71.exe
-
Size
5KB
-
MD5
12f9806ad64e90f6276302e3c023fb71
-
SHA1
769b8bdcd4e87324fc7b05d07b600842ceba3aed
-
SHA256
8a5b6b6a2d9cd640f59a4c7ed58ad3bbc54268205dd3899356f5cb99a9352a78
-
SHA512
7700b9b3ddf0eae92daa73d098a1c081428b3cdd754293912217b20ef6086e227915d3dfe8cb86d15e00b3a39377bb67ca2c96172b628bff6389f7ec602927f1
-
SSDEEP
48:6LaoejN+CAc+CJrjV6CIndMh0Dc7bVrricqDsKrQ7tieK8CNJjpfbNtm:QWNPAc+CJrR6a0Dclri3DADNizNt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-