General

  • Target

    d9032bc7826cd76587fe3c22456072bd_JaffaCakes118

  • Size

    385KB

  • Sample

    240405-t4ld7ahe45

  • MD5

    d9032bc7826cd76587fe3c22456072bd

  • SHA1

    faf0cb0f02c8890cbaf444aca4682c62405e83ce

  • SHA256

    c41f6367eb54e83d287477aca9be26ef7e93f9f3595c32abdd33a22bbdd7e8c3

  • SHA512

    59c41fc5e237b91f3ea7acf529c69cdcf5955d8387f8e8e4007e28fb93a16e6f9e5d103732b8b404883989106b39a31d31b4fac292f5c454d57b83f865976948

  • SSDEEP

    12288:Bux77KTAfz9E0Zq+g9mudQOK9RJ2oip2S3:cxA6Vg9mOKh2

Malware Config

Extracted

Family

redline

Botnet

part1

C2

45.9.20.107:46187

Attributes

  • auth_value

    60c75f1e2d31f6bac6dd7edad67d8615

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks