General

  • Target

    d4a4093dcc7dabb6e9d9b57aaa159ac9_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240405-qfy4lada31

  • MD5

    d4a4093dcc7dabb6e9d9b57aaa159ac9

  • SHA1

    157f7306ff5b4ff9332570d631f7d5ce27df78cd

  • SHA256

    dc050b963c642e86bf74da5e85fbfcb0b3c12bd692808bf8ae12a36f4bcf3c84

  • SHA512

    1c18849340624cd1f5d2bd9207704cf6c7fb82d7d885da9f5af02f1af146b049242dfcfcf41bce94831e9d7c0eb13931f2046b28cf3a88a21f7abff456b9886d

  • SSDEEP

    24576:FFofQDykb6wCihobn3IZCIPrU+k1MeKn1v2nuktSTm:Hykb3CT0ZbPRk1/K1eptE

Malware Config

Extracted

Family

redline

Botnet

@pjuai123

C2

185.209.22.181:34925

Attributes

  • auth_value

    5a0918bd3e8ede8e02c8dd9d106a996d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks