General

  • Target

    d43528ac7941cf3fa54274ee76f02f4a_JaffaCakes118

  • Size

    358KB

  • Sample

    240405-p3w23scf3z

  • MD5

    d43528ac7941cf3fa54274ee76f02f4a

  • SHA1

    94c0e9506f2386171f794277a02ccfaae3e56363

  • SHA256

    4dff1d1945f5dc9eb7a653e93b2e63c63cffbbb5c7c7ba2c4e6cbe01af12c60d

  • SHA512

    76d032af911d17790f496385e910b987fbd9faf512a24bf3c350b3adfd1749577d7178fc2f95fce78497948d4330f9a7321a49888e701ca85590732907b8829f

  • SSDEEP

    6144:m0W8qw2TmkM6PoqYb7f+kru05z9yC4aNQfPh3MmUVx98aCYcW5S:7vqzL093flu69yC4a8FCH8ocW5S

Malware Config

Extracted

Family

redline

Botnet

part1

C2

45.9.20.107:46187

Attributes

  • auth_value

    60c75f1e2d31f6bac6dd7edad67d8615

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
