General
Target: b44b2632b39295e9a08737255593a1532c50693e03557919268cfd842f927a83.exe
Size: 1.2MB
Sample: 241122-qadkpsxjfk
MD5: ec9d42549540f5bae13f250a6f9d9410
SHA1: d151a6d2b57c48bf43608c483a1794de2ea4a4df
SHA256: b44b2632b39295e9a08737255593a1532c50693e03557919268cfd842f927a83
SHA512: fa4103b5358c168e4db8286204e6ba8c35a0aa197809205c432b93bee7c914bb44e8d48afc7040176bd83eeb2ae90dcedd62da9814a3dc695f91379b19cef2a6
SSDEEP: 12288:unp+wJ9GeeYwTVlCOCQWAKeAaf/+YQZ7QQ6m1N4LWgViFd1kXanGJAWCG2GBKf/n:uOeZ7YymWgpkM4uU
Static task: static1
Behavioral task: behavioral1
  Sample: b44b2632b39295e9a08737255593a1532c50693e03557919268cfd842f927a83.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: b44b2632b39295e9a08737255593a1532c50693e03557919268cfd842f927a83.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
  @andrey_dolmatov
  212.86.102.118:22117
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
SectopRAT payload
Sectoprat family
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL