Resubmissions

22-11-2024 15:06

241122-sgv5faypgl 10

General

  • Target

    S500 RAT.zip

  • Size

    40.4MB

  • Sample

    241122-sgv5faypgl

  • MD5

    148feb47315d32610c00f3f5db8a1e7b

  • SHA1

    cb14479bdef8aa05fbcf4b845c42d890dd19fd96

  • SHA256

    2e466546d957cccb664961cecbe93fdfa718115b2d17419e1a13a5ad8fceeab2

  • SHA512

    e70e12d459aa503bdea92e191f92e6b05e71ac3638b8c003139a73579c34a8feac6ab7835ed68edeebfdf29f1f463bcab83b50bdf4209df470e8318956e4b529

  • SSDEEP

    786432:q0Y+JAFl0rE/WmcnKPloVCcEjIi/O/mK+fP1JqsvGnPm5WgTutHHJEDTJbM:YFu4EnMloOIiBBq3PguBpwTZM

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://pastebin.com/raw/p2s7tDSd

Targets

    • Target

      S500 RAT.zip

    • Size

      40.4MB

    • MD5

      148feb47315d32610c00f3f5db8a1e7b

    • SHA1

      cb14479bdef8aa05fbcf4b845c42d890dd19fd96

    • SHA256

      2e466546d957cccb664961cecbe93fdfa718115b2d17419e1a13a5ad8fceeab2

    • SHA512

      e70e12d459aa503bdea92e191f92e6b05e71ac3638b8c003139a73579c34a8feac6ab7835ed68edeebfdf29f1f463bcab83b50bdf4209df470e8318956e4b529

    • SSDEEP

      786432:q0Y+JAFl0rE/WmcnKPloVCcEjIi/O/mK+fP1JqsvGnPm5WgTutHHJEDTJbM:YFu4EnMloOIiBBq3PguBpwTZM

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15

Tasks