General
-
Target
2185ecde5380054ad075b7a25ae0ea51.bin
-
Size
777KB
-
Sample
240617-bllccsxdmc
-
MD5
1c488afa78edd908e0ad0610a42fecf5
-
SHA1
b8ac63e22f9bc3b5d511e9e952e7754613ae6cdf
-
SHA256
8acdfccde210ccd6686aaeb5379270e141a38e944c002134005de5e40d8f8000
-
SHA512
f41ecbe4ab23a7d1dbb45a9fadcc9d0a68e6a8aa5d2223a9d81a08b938e262a3c85665a8e443c4af0c3f15ed4c551b8312bf853d1d647a76c3d129ea838bcaa3
-
SSDEEP
12288:xXeBVdSh+nBnndMgqGyR0sMV9orXnE96XESfm3TYe64JxwCPgENYbaA6HPRsc29t:xXeBa+nBnLr/9o70dSeDY0oENd1Rsc2b
Malware Config
Extracted
redline
cheat
45.137.22.67:55615
Targets
-
-
Target
e1a01751d2ea4682e211983eb7d6d1f01876a1199ba8eb9f04e3b8594f2ee199.exe
-
Size
898KB
-
MD5
2185ecde5380054ad075b7a25ae0ea51
-
SHA1
caa1b832574fc3050af5f97b6deabc21398b5c47
-
SHA256
e1a01751d2ea4682e211983eb7d6d1f01876a1199ba8eb9f04e3b8594f2ee199
-
SHA512
f31d6c4fc0b4533c0538975518a1ff703c9a62ffdb072570942245725d375b9ef27f0d65a37e3ed07cd52a11def9893c8c3e7d0edc884c5c9b602af61ad8e211
-
SSDEEP
24576:bCdL4E+j8SmRREbtuLD4DIvu18fplg+zQWxu5y0:bcL4/ruqbtuLMDQh58
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-