General

  • Target

    d4f571f4ec545df75b548c1f4b4e186f_JaffaCakes118

  • Size

    326KB

  • Sample

    240405-qpnn8adg66

  • MD5

    d4f571f4ec545df75b548c1f4b4e186f

  • SHA1

    e83f2c0c9dafbd70423f02f4ad7afce5fa9f136d

  • SHA256

    1a6927123dcc345fcf81f07921d34c098b3a16c526f40f1e4d624e60f8e83892

  • SHA512

    01bbb6177d7dc0008eb521048e0d633ba2ccaac8659b06ad930c14a9d0f350871ce8777b60417ea8a5d0d2687512690ddaf9e1b98c1ea2ecb6204b64c3fbb412

  • SSDEEP

    6144:bxPOAfsdY0LoOaYo7jaO00ssjxAODFCSRFiItdlBgoySu6buzy:bxmGsdY0LoOaHWAiQeoNPgy

Malware Config

Extracted

Family

redline

Botnet

@Ant0nPavlov

C2

5.188.118.163:80

Attributes

  • auth_value

    9bde7608ef33d6cbd8c01687cdd53196
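An extracted config is only useful once it is turned into something a detection pipeline can evaluate. The Python below is added here as an illustration; it is not part of the sandbox report and not RedLine or SectopRAT tooling. It parses the config block above into a dict, splits the C2 endpoint into host and port, checks a local file's digests against the report's hashes before anyone trusts the config as belonging to that file, and flags flows to the C2 endpoint in a constructed Zeek conn.log excerpt. The log lines, the field order and the helper names are assumptions made for the example.

```python
"""Operationalise the sandbox-extracted RedLine config as checkable IOCs."""
import hashlib
import ipaddress

# The "Malware Config / Extracted" block exactly as it appears in the report.
REPORT_CONFIG = """\
Family

redline

Botnet

@Ant0nPavlov

C2

5.188.118.163:80

Attributes
  • auth_value

    9bde7608ef33d6cbd8c01687cdd53196
"""

# Digests of the analysed sample, copied from the report header.
REPORT_HASHES = {
    "md5": "d4f571f4ec545df75b548c1f4b4e186f",
    "sha1": "e83f2c0c9dafbd70423f02f4ad7afce5fa9f136d",
    "sha256": "1a6927123dcc345fcf81f07921d34c098b3a16c526f40f1e4d624e60f8e83892",
    "sha512": "01bbb6177d7dc0008eb521048e0d633ba2ccaac8659b06ad930c14a9d0f350871ce8777b"
              "60417ea8a5d0d2687512690ddaf9e1b98c1ea2ecb6204b64c3fbb412",
}

# Constructed Zeek conn.log excerpt (not real telemetry). Assumed field order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1712320000.10\tCabc1\t10.0.0.5\t49731\t142.250.74.46\t443\ttcp
1712320003.55\tCabc2\t10.0.0.5\t49732\t5.188.118.163\t80\ttcp
1712320004.00\tCabc3\t10.0.0.7\t49102\t5.188.118.163\t443\ttcp
1712320009.80\tCabc4\t10.0.0.5\t49740\t5.188.118.163\t80\ttcp
"""


def parse_config(text):
    """Parse the label/value pairs of the extracted-config block into a dict.

    Each label (Family, Botnet, C2, or a bulleted attribute such as auth_value)
    is followed by its value on the next non-blank line; the bare "Attributes"
    heading carries no value and is skipped.
    """
    lines = [l.strip().lstrip("• ").strip() for l in text.splitlines() if l.strip()]
    cfg = {}
    i = 0
    while i < len(lines) - 1:
        key = lines[i]
        if key == "Attributes":
            i += 1
            continue
        cfg[key.lower()] = lines[i + 1]
        i += 2
    return cfg


def split_c2(c2):
    """Split 'host:port' into (host, port); raises ValueError if host is not an IP literal."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)
    return host, int(port)


def matches_report(data):
    """True only if every digest of `data` equals the report's, i.e. the local
    file really is the analysed sample the config was extracted from."""
    return all(hashlib.new(alg, data).hexdigest() == h for alg, h in REPORT_HASHES.items())


def find_c2_connections(conn_log, host, port, same_host_any_port=False):
    """Return (uid, orig_h, resp_p) for each flow to the C2 endpoint.

    With same_host_any_port=True, flows to other ports on the C2 host are also
    returned; those are lower-confidence hits since only host:port was extracted.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = line.split("\t")
        if resp_h == host and (int(resp_p) == port or same_host_any_port):
            hits.append((uid, orig_h, int(resp_p)))
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    host, port = split_c2(cfg["c2"])
    print("family=%s botnet=%s c2=%s:%d" % (cfg["family"], cfg["botnet"], host, port))
    for uid, src, dport in find_c2_connections(SAMPLE_CONN_LOG, host, port):
        print("C2 flow %s from %s to %s:%d" % (uid, src, host, dport))
```

The exact host:port match is the one the extracted config supports; the any-port variant is there because stealer infrastructure is often reused across ports, but it should be reported at lower confidence and not as a confirmed RedLine check-in.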

Targets

    • Target

      d4f571f4ec545df75b548c1f4b4e186f_JaffaCakes118

    • Size

      326KB

    • MD5

      d4f571f4ec545df75b548c1f4b4e186f

    • SHA1

      e83f2c0c9dafbd70423f02f4ad7afce5fa9f136d

    • SHA256

      1a6927123dcc345fcf81f07921d34c098b3a16c526f40f1e4d624e60f8e83892

    • SHA512

      01bbb6177d7dc0008eb521048e0d633ba2ccaac8659b06ad930c14a9d0f350871ce8777b60417ea8a5d0d2687512690ddaf9e1b98c1ea2ecb6204b64c3fbb412

    • SSDEEP

      6144:bxPOAfsdY0LoOaYo7jaO00ssjxAODFCSRFiItdlBgoySu6buzy:bxmGsdY0LoOaHWAiQeoNPgy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
