General

  • Target

    d7468b518a60f478cc41c834209e2e3c_JaffaCakes118

  • Size

    402KB

  • Sample

    240405-sln7pafc9y

  • MD5

    d7468b518a60f478cc41c834209e2e3c

  • SHA1

    245a6793580533348333e4434fb33abf339f60d3

  • SHA256

    46a09c68f496c942f72911d98c955829e6616a3141a0a3b44cd9697236b31577

  • SHA512

    f3358adc4982beef303e0c92b6b7fa3021a6eaa9bf26e80697c9f725a2baeb260b5e685cdb0bc69cd25548e8a89808e51fb305baa806428dc6e6eb249c440a95

  • SSDEEP

    6144:2fq2yNJswyINZTiD1lkcNgVVdGTjIL8Iak6RSJqcy2FC7Tm57Q24:cy7swhzmplJNgVVoTUL8Iak6Rt2FC7S

Malware Config

Extracted

  • Family

    redline

  • Botnet

    money

  • C2

    45.142.215.47:27643

  • Attributes

    • auth_value

      9491a1c5e11eb6097e68a4fa8627fda8

Targets

    • Target

      d7468b518a60f478cc41c834209e2e3c_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks