General

  • Target

    d8d0425e4ccb4b09d0e380dc52501d95_JaffaCakes118

  • Size

    154KB

  • Sample

    240405-tyk68sgg7y

  • MD5

    d8d0425e4ccb4b09d0e380dc52501d95

  • SHA1

    a01f336a83ee8aa80be0201c4ce593c2560881a5

  • SHA256

    80b8346e9233301cde3baf92a18baf30971039f02034e96d00f299563bcd787c

  • SHA512

    6a12b159c4c1a9194516becc0acf3c38fb2af5df373dd93126a6d12bd716b1b521e0bcf0f7a821b965e7e03dabd264ef3c30ee5acf481fb89a69d8feb8e34cc3

  • SSDEEP

    3072:dLNlaab8JsSFU8Y0gvRrkb4oreOcVfWv4lFr85l6JlaKi6Qir9:praaUZ7YnOb4seLfe4E5l6Jlai

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes
  • auth_value

    3f48b95855158031ae9e7dafcb203009
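
The extracted config above gives two things a responder can act on immediately: the C2 socket and the file hashes. The following Python is an added example, not part of the sandbox report, that turns those values into a small IOC matcher and runs it over constructed Zeek-style `conn.log` rows (the 10.0.0.x source hosts, timestamps and the non-C2 destinations are made up). `parse_c2`, `find_c2_connections` and `hash_matches` are names chosen here, and the assumption that the C2 host is an IP literal holds for this report but is enforced only as a sanity check.

```python
"""Added example: turn the extracted RedLine config and file hashes from this
report into a small IOC matcher and run it over constructed telemetry."""
import ipaddress

# Values copied from the report above.
C2 = "141.94.188.138:46419"
AUTH_VALUE = "3f48b95855158031ae9e7dafcb203009"
SAMPLE_HASHES = {
    "md5": "d8d0425e4ccb4b09d0e380dc52501d95",
    "sha1": "a01f336a83ee8aa80be0201c4ce593c2560881a5",
    "sha256": "80b8346e9233301cde3baf92a18baf30971039f02034e96d00f299563bcd787c",
}

# Constructed Zeek-style conn.log rows (not from the report), tab separated:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto. Hosts 10.0.0.x are made up.
CONSTRUCTED_CONN_LOG = (
    "1712325600.1\t10.0.0.5\t49321\t141.94.188.138\t46419\ttcp\n"
    "1712325601.2\t10.0.0.5\t49322\t93.184.216.34\t443\ttcp\n"
    "1712325602.3\t10.0.0.7\t49500\t141.94.188.138\t80\ttcp\n"
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the 'host:port' string as reported by the config extractor.
    Assumption for this example: the host is an IP literal (true for this
    report); ip_address() raises ValueError otherwise so a hostname is noticed."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)
    return host, int(port)


def find_c2_connections(conn_log: str, c2: str, ip_only: bool = False) -> list[dict]:
    """Return conn.log rows whose responder matches the C2. By default both IP
    and port must match; ip_only=True widens the match to any port on that IP,
    which also sweeps in unrelated traffic to a shared host."""
    host, port = parse_c2(c2)
    hits = []
    for row in conn_log.splitlines():
        if not row or row.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = row.split("\t")
        if resp_h == host and (ip_only or int(resp_p) == port):
            hits.append({"ts": float(ts), "src": orig_h, "src_port": int(orig_p),
                         "dst_port": int(resp_p), "proto": proto})
    return hits


def hash_matches(algo: str, digest: str) -> bool:
    """Case-insensitive comparison against the reported hashes; an algorithm
    the report does not list never matches rather than raising."""
    known = SAMPLE_HASHES.get(algo.lower())
    return known is not None and known == digest.strip().lower()


if __name__ == "__main__":
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG, C2):
        print(f"C2 contact from {hit['src']}:{hit['src_port']} at {hit['ts']}")
```

Matching on the full socket keeps the third constructed row (same IP, port 80) out of the result; pivoting on the IP alone is the right call only after confirming the host is dedicated to the C2. The file hashes identify this exact build only, so treat them as the weakest of the three indicators.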

Targets

    • Target

      d8d0425e4ccb4b09d0e380dc52501d95_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
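
The report names the signature "Suspicious use of SetThreadContext" but not the heuristic behind it. As an added example (not the sandbox's own logic and not from this report), the Python below implements one common form of that check: a caller creates a different process suspended, writes into it, rewrites a thread context and resumes it. The API trace, the process IDs and the chain of calls are constructed for the demonstration, and the function names are chosen here.

```python
"""Added example: a sequence heuristic of the kind behind a "Suspicious use of
SetThreadContext" signature, run over a constructed API-call trace."""

# Constructed trace rows (caller_pid, api, target_pid, extra); not from the report.
# pid 1000: create-suspended / write / SetThreadContext / resume against a child.
# pid 3000: SetThreadContext on itself (benign, e.g. an exception handler).
# pid 4000: sets a context on a suspended child without ever writing to it.
TRACE = [
    (1000, "CreateProcessW", 2000, {"flags": ["CREATE_SUSPENDED"]}),
    (1000, "NtUnmapViewOfSection", 2000, {}),
    (1000, "WriteProcessMemory", 2000, {}),
    (1000, "SetThreadContext", 2000, {}),
    (1000, "ResumeThread", 2000, {}),
    (3000, "SetThreadContext", 3000, {}),
    (4000, "CreateProcessW", 5000, {"flags": ["CREATE_SUSPENDED"]}),
    (4000, "SetThreadContext", 5000, {}),
    (4000, "ResumeThread", 5000, {}),
]

# Calls that must appear in this order; unrelated calls may be interleaved.
CHAIN = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def contains_ordered(apis, chain):
    """True if every element of chain occurs in apis in that relative order."""
    idx = 0
    for api in apis:
        if idx < len(chain) and api == chain[idx]:
            idx += 1
    return idx == len(chain)


def suspicious_set_thread_context(trace):
    """Return (caller, target) pairs where the caller created a different
    process suspended and then walked the full CHAIN against it. Self-targeted
    SetThreadContext and chains with no prior write are not reported."""
    by_pair = {}
    for caller, api, target, extra in trace:
        if caller == target:
            continue
        entry = by_pair.setdefault((caller, target), {"apis": [], "suspended": False})
        entry["apis"].append(api)
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in extra.get("flags", []):
            entry["suspended"] = True
    return [pair for pair, e in by_pair.items()
            if e["suspended"] and contains_ordered(e["apis"], CHAIN)]


if __name__ == "__main__":
    for caller, target in suspicious_set_thread_context(TRACE):
        print(f"pid {caller} -> pid {target}: suspended create, write, SetThreadContext, resume")
```

Requiring the whole chain rather than any SetThreadContext call is what keeps debuggers and exception handlers (the pid 3000 row) out of the result; the pid 4000 rows show why the write step is part of the check.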

MITRE ATT&CK Enterprise v15

Tasks