General

  • Target

    b0be1a6928316ef41ef9565e34043198_JaffaCakes118

  • Size

    405KB

  • Sample

    240404-fzm6bsgc23

  • MD5

    b0be1a6928316ef41ef9565e34043198

  • SHA1

    a3b6b3d4874388a3100360298bf91a0ff8df8115

  • SHA256

    d12b53aa0b3111263adaf71e51eeab2ba64ca6c4525800af541767fd90346039

  • SHA512

    a3f6558b74d887bad616495c9827666fc1c772c624012baf08e03767d8d9ed589bcc0b1ede20ee51fca77a0357b9218309d28fecb66e60dfb637f558c2dc6d52

  • SSDEEP

    12288:pl4/h+lXvk1Ua37fkVHYkldnS57CvaamH7XL:pl45+lK337iHA57CvOXL

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.182:52236

Attributes
  • auth_value

    a272f3a2850ec3dccdaed97234b7c40e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks