General

  • Target

    d7fe40517145ca8e94facf91cb174707_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240405-s9ye9sge96

  • MD5

    d7fe40517145ca8e94facf91cb174707

  • SHA1

    1859bfb048986f52b7adf97b3c44af66f021cd38

  • SHA256

    c61c72e5a75b5e9753fb52e3c7c925c408abfdcc4e626211e5faddbc8aeb6130

  • SHA512

    b94ad2704bfb1ed4a130c2441ed0dbf210ae79f26a82c62224c79f27f98b4c2b623b082c9dda898a53cf0cca32909523df5f546895733ac558e9b9114200f35b

  • SSDEEP

    12288:2ZZGC0x5UfwsbIr9Fn5SgcQ2HNv7VyUrx/gK4Z4+TWsLfAyWotrUCm9FVNp7lkTe:WYNp5Fn5rZq4TffrO

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes

  • auth_value

    3f48b95855158031ae9e7dafcb203009
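The extracted configuration above is the part of this report a responder actually acts on: the file hashes identify the sample, the C2 endpoint is the network indicator, and the auth_value is a campaign-specific string that can be searched for in memory dumps and captures. The following is an added example, not code from the sandbox or from the report: it verifies a file against the report's hashes, flags connections to the extracted C2 in firewall-style log lines, and searches a blob for the auth_value in both encodings a .NET sample can produce. Only the hash, C2 and auth_value strings come from the report; the log lines, the file path, and all function names are constructed for illustration.

```python
"""Hunting helpers for the indicators in this report.

Added example, not code from the sandbox or the report: the hash, C2 and
auth_value strings are copied from the report above; the log lines, file
path and function names are constructed for illustration.
"""
import hashlib
import re

# Indicators taken verbatim from the report.
REPORT_HASHES = {
    "md5": "d7fe40517145ca8e94facf91cb174707",
    "sha1": "1859bfb048986f52b7adf97b3c44af66f021cd38",
    "sha256": "c61c72e5a75b5e9753fb52e3c7c925c408abfdcc4e626211e5faddbc8aeb6130",
    "sha512": "b94ad2704bfb1ed4a130c2441ed0dbf210ae79f26a82c62224c79f27f98b4c2b"
              "623b082c9dda898a53cf0cca32909523df5f546895733ac558e9b9114200f35b",
}
C2_IP, C2_PORT = "141.94.188.138", 46419
AUTH_VALUE = "3f48b95855158031ae9e7dafcb203009"


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same four digests for a file on disk, computed in one streaming pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """True only when every digest in the report agrees with the computed set."""
    return all(digests.get(name, "").lower() == want
               for name, want in REPORT_HASHES.items())


# Constructed firewall-style log lines; only the C2 IP/port come from the report.
SAMPLE_LOG = [
    "2024-04-05T15:12:01Z src=10.0.0.12:49812 dst=141.94.188.138:46419 proto=tcp action=allow",
    "2024-04-05T15:12:05Z src=10.0.0.12:49813 dst=93.184.216.34:443 proto=tcp action=allow",
    "2024-04-05T15:13:40Z src=10.0.0.7:51022 dst=141.94.188.138:8080 proto=tcp action=allow",
    "2024-04-05T15:14:02Z src=10.0.0.9:50110 dst=141.94.188.138:46419 proto=tcp action=deny",
]
_CONN = re.compile(r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def find_c2_hits(lines):
    """Flag connections to the extracted C2.

    An exact ip:port match is the high-confidence indicator; the same IP on
    another port is reported separately, because a hosting IP can serve
    unrelated tenants and should be triaged rather than blocked blindly.
    """
    hits = []
    for line in lines:
        m = _CONN.search(line)
        if not m or m["dst"] != C2_IP:
            continue
        exact = int(m["dport"]) == C2_PORT
        hits.append({"src": m["src"], "port": int(m["dport"]),
                     "confidence": "high" if exact else "review"})
    return hits


def find_auth_value(blob):
    """Locate the auth_value token in a memory dump or pcap payload.

    RedLine is a .NET program, so in process memory the token is a UTF-16LE
    string; on disk or in traffic it may be plain ASCII. Both forms are checked.
    """
    found = []
    for label, needle in (("ascii", AUTH_VALUE.encode()),
                          ("utf-16le", AUTH_VALUE.encode("utf-16-le"))):
        off = blob.find(needle)
        if off != -1:
            found.append((label, off))
    return found


if __name__ == "__main__":
    # Hypothetical path: point this at the sample if you have it on disk.
    # print(matches_report(hash_file("d7fe40517145ca8e94facf91cb174707_JaffaCakes118")))
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    print(find_auth_value(b"\x00" * 16 + AUTH_VALUE.encode("utf-16-le")))
```

The port-aware split in find_c2_hits matters in practice: 141.94.188.138 is an IP, not a domain, and without the port the same indicator would also catch any unrelated service on that host. The UTF-16LE search in find_auth_value is what makes the auth_value usable against a process dump of a .NET stealer, where a plain ASCII grep returns nothing.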

Targets

    • Target

      d7fe40517145ca8e94facf91cb174707_JaffaCakes118

    • Size

      2.1MB

    • MD5

      d7fe40517145ca8e94facf91cb174707

    • SHA1

      1859bfb048986f52b7adf97b3c44af66f021cd38

    • SHA256

      c61c72e5a75b5e9753fb52e3c7c925c408abfdcc4e626211e5faddbc8aeb6130

    • SHA512

      b94ad2704bfb1ed4a130c2441ed0dbf210ae79f26a82c62224c79f27f98b4c2b623b082c9dda898a53cf0cca32909523df5f546895733ac558e9b9114200f35b

    • SSDEEP

      12288:2ZZGC0x5UfwsbIr9Fn5SgcQ2HNv7VyUrx/gK4Z4+TWsLfAyWotrUCm9FVNp7lkTe:WYNp5Fn5rZq4TffrO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks