General

  • Target

    60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118

  • Size

    840KB

  • Sample

    240331-29tlrafc97

  • MD5

    60e2e3e3ddca82336695b757d1bc291b

  • SHA1

    d354e37dfe4187674e2f56509626212c26cbb4cc

  • SHA256

    86ce453e9e344ae5899c991a34877cce81c768559807222472f86bdea79cf93f

  • SHA512

    6568023012ead7fd0b19ecc5ef450837cd1e7966b3c081e3769e25764247d3e033a1edffa9cfc28b69ab61a2588fcf9595adcd1468bdf4e8a4d4abdfa15c582a

  • SSDEEP

    24576:0qoYx/DYG9XLUgelgfY9yd0AkFaPUnB97stYY:BpDYvjnB9QYY

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Proliv2

  • C2

    176.57.71.68:37814

  • Attributes

    auth_value: 6e134fbe11e1fba7052c029b94245b55

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks