General

  • Target

    85c2b4dc426a3020849e4e44d6d356f7_JaffaCakes118

  • Size

    390KB

  • Sample

    240402-hvh2xsba77

  • MD5

    85c2b4dc426a3020849e4e44d6d356f7

  • SHA1

    fd02152e31c1650d695ce7b541fb5f6f621dc7ef

  • SHA256

    0392bf70244ded4e9d61bdb9197864881a4f5c85a8314b675388e54b8080c3fb

  • SHA512

    3debd56e029df875ee17459305d28665ebc8d41cd9cb59afbf7f4a8d1453219a802d573dd35c9d68ee7630250caf6235ee6272a93607cfd890cf3c22976e93d9

  • SSDEEP

    6144:SNsixpSUnmJLee1Mjlua+Eob/XNJN4cIQ5cOfmmGDOwqk3K9GLy:esDWmJL91MluGu/J4cIQ59GywqkZ

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

37.228.129.48:29795

Attributes

  • auth_value

    f27db372188045eefdf974196ead3dae
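
The extracted configuration above (family, botnet, C2 endpoint, auth_value) plus the file hashes in General are the indicators an analyst would pull out of this report. The following is an added example, not part of the sandbox report or any tool's own code: it transcribes those indicators into a record, parses the `host:port` C2 string, sweeps connection-log lines for traffic to the C2 (exact endpoint, or host-only as a looser option), and checks file hashes against the report. The log lines and the `src=…/dst=…` format are constructed for the example; the `ip_only` parameter and all function names are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import re

# Indicators transcribed from the report above (sample 240402-hvh2xsba77).
REPORT_IOCS = {
    "family": "redline",
    "botnet": "paladin",
    "c2": ["37.228.129.48:29795"],
    "auth_value": "f27db372188045eefdf974196ead3dae",
    "hashes": {
        "md5": "85c2b4dc426a3020849e4e44d6d356f7",
        "sha1": "fd02152e31c1650d695ce7b541fb5f6f621dc7ef",
        "sha256": "0392bf70244ded4e9d61bdb9197864881a4f5c85a8314b675388e54b8080c3fb",
    },
}

# Constructed connection-log lines (not from the report) in a simple key=value
# layout; one host contacts the C2 twice, one hits the same IP on another port.
CONSTRUCTED_CONN_LOG = [
    "2024-04-02T08:52:17Z src=10.10.4.23:51322 dst=37.228.129.48:29795 proto=tcp bytes=1460",
    "2024-04-02T08:52:18Z src=10.10.4.23:51323 dst=142.250.74.46:443 proto=tcp bytes=5120",
    "2024-04-02T08:52:19Z src=10.10.4.23:51324 dst=37.228.129.48:443 proto=tcp bytes=60",
    "2024-04-02T08:52:20Z src=10.10.4.77:40112 dst=37.228.129.48:29795 proto=tcp bytes=2048",
]

# Destination field of the constructed log format (IPv4 host, numeric port).
_DST_RE = re.compile(r"\bdst=(?P<host>[^:\s]+):(?P<port>\d+)")


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string as written in the extracted config.

    Uses rpartition so a bracketed IPv6 literal ('[2001:db8::1]:29795') is
    handled as well as the IPv4 form on this page; the brackets are stripped.
    """
    host, sep, port = endpoint.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 endpoint: {endpoint!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range in C2 endpoint: {endpoint!r}")
    return host.strip("[]"), port_num


def match_c2_connections(lines: list[str], c2_endpoints: list[str],
                         ip_only: bool = False) -> list[str]:
    """Return log lines whose destination matches a C2 endpoint.

    By default the match is on the exact host:port pair from the config.
    With ip_only=True any port on a C2 host is flagged, which catches
    operators rotating ports on the same server at the cost of more noise.
    """
    targets = {parse_c2(e) for e in c2_endpoints}
    hosts = {host for host, _ in targets}
    hits = []
    for line in lines:
        m = _DST_RE.search(line)
        if not m:
            continue  # line does not carry a destination field
        host, port = m.group("host"), int(m.group("port"))
        if (ip_only and host in hosts) or (host, port) in targets:
            hits.append(line)
    return hits


def lookup_hash(hexdigest: str) -> str | None:
    """Identify which report hash a hex digest equals, keyed by digest length.

    Returns the algorithm name ('md5', 'sha1', 'sha256') or None; the
    comparison is case-insensitive because feeds mix upper and lower case.
    """
    digest = hexdigest.strip().lower()
    by_length = {32: "md5", 40: "sha1", 64: "sha256"}
    algo = by_length.get(len(digest))
    if algo is not None and REPORT_IOCS["hashes"][algo] == digest:
        return algo
    return None


def hash_matches(data: bytes) -> dict[str, bool]:
    """Hash file bytes with MD5/SHA-1/SHA-256 and compare each with the report."""
    computed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo: computed[algo] == REPORT_IOCS["hashes"][algo] for algo in computed}


if __name__ == "__main__":
    for hit in match_c2_connections(CONSTRUCTED_CONN_LOG, REPORT_IOCS["c2"]):
        print("C2 hit:", hit)
    print("sha256 recognised:", lookup_hash(REPORT_IOCS["hashes"]["sha256"]))
```

Exact host:port matching is the right default for a config-extracted C2 because the port is part of what the sample was built with; the `ip_only` switch is there for the case where the same server is seen on another port, as the third constructed line shows. Hash matching only identifies this exact file, so pair it with the network indicator rather than relying on it alone.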

Targets

    • Target

      85c2b4dc426a3020849e4e44d6d356f7_JaffaCakes118

    • Size

      390KB

    • MD5

      85c2b4dc426a3020849e4e44d6d356f7

    • SHA1

      fd02152e31c1650d695ce7b541fb5f6f621dc7ef

    • SHA256

      0392bf70244ded4e9d61bdb9197864881a4f5c85a8314b675388e54b8080c3fb

    • SHA512

      3debd56e029df875ee17459305d28665ebc8d41cd9cb59afbf7f4a8d1453219a802d573dd35c9d68ee7630250caf6235ee6272a93607cfd890cf3c22976e93d9

    • SSDEEP

      6144:SNsixpSUnmJLee1Mjlua+Eob/XNJN4cIQ5cOfmmGDOwqk3K9GLy:esDWmJL91MluGu/J4cIQ59GywqkZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks