General

  • Target

    de1fd0a630275b284af95ec3e386b7f0_JaffaCakes118

  • Size

    4.7MB

  • Sample

    240406-hn6veadf63

  • MD5

    de1fd0a630275b284af95ec3e386b7f0

  • SHA1

    e26ce8ea5d925ca5de4f7e6c321b6971788dc9c7

  • SHA256

    22436951c8057dd93d6d2da55a46c524151ba690a906f047582fc8aaa309e892

  • SHA512

    d649c27d3f1c382d1e1cfd10380637dd1c63123f253abb6b6b37c8f6e2ef1bec832111bfd0a32ab36ef30b57b898cbc5be09a0f0b320e27e9d7335c36e8886f5

  • SSDEEP

    98304:4LrzJnnA7X2Cb/WQHffKxv6X0gCNAuCNPanPQ6DoB+NZj2sA7V9Nic:clnAOQ6VplixNPanTo8g7rZ
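The SSDEEP value above is a context-triggered piecewise hash of the form blocksize:chunk_hash:double_chunk_hash. Its block size is not arbitrary: ssdeep starts from the smallest 3*2^n whose product with 64 covers the file length and may only shrink from there, so a digest whose block size is too large for the reported size was taken from a different artifact. The following is an added example, not code from the sandbox report, that parses the digest, checks the block size against the 4.7MB size listed above (assumed to mean MiB), and applies the rule fuzzy_compare uses to decide whether two digests are comparable at all. The block-size rules follow ssdeep's fuzzy.c (MIN_BLOCKSIZE = 3, SPAMSUM_LENGTH = 64); the constants REPORTED_SSDEEP and REPORTED_SIZE are copied from the report, and the hash parts are checked for shape only, not recomputed.

```python
"""Sanity-check an ssdeep (CTPH) digest against a reported file size.

Added example, not part of the sandbox report. Block-size rules follow
ssdeep's fuzzy.c: block sizes are 3 * 2^n, the starting size is the
smallest one with bs * 64 >= file length, and the final size is never
larger than the starting one.
"""
import re
from dataclasses import dataclass

MIN_BLOCKSIZE = 3
SPAMSUM_LENGTH = 64
# ssdeep emits its two hash parts in base64 (no padding).
_B64 = re.compile(r"^[A-Za-z0-9+/]*$")

# Values copied from the report above; size "4.7MB" is assumed to be MiB.
REPORTED_SSDEEP = ("98304:4LrzJnnA7X2Cb/WQHffKxv6X0gCNAuCNPanPQ6DoB+NZj2sA7V9Nic"
                   ":clnAOQ6VplixNPanTo8g7rZ")
REPORTED_SIZE = int(4.7 * 1024 * 1024)


@dataclass(frozen=True)
class SsdeepDigest:
    block_size: int
    chunk: str          # hash over blocks of block_size bytes
    double_chunk: str   # hash over blocks of 2 * block_size bytes


def parse_ssdeep(digest: str) -> SsdeepDigest:
    """Split 'bs:h1:h2' and validate each field."""
    parts = digest.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep digest must have three colon-separated fields")
    bs_text, chunk, double_chunk = parts
    if not bs_text.isdigit():
        raise ValueError("block size is not an integer")
    bs = int(bs_text)
    factor = bs // MIN_BLOCKSIZE
    # Valid block sizes are exactly 3 * 2^n: divisible by 3, quotient a power of two.
    if bs < MIN_BLOCKSIZE or bs % MIN_BLOCKSIZE or factor & (factor - 1):
        raise ValueError("block size must be 3 * 2^n")
    for part in (chunk, double_chunk):
        if not _B64.match(part) or len(part) > SPAMSUM_LENGTH:
            raise ValueError("hash part is not base64 or longer than 64 chars")
    return SsdeepDigest(bs, chunk, double_chunk)


def initial_block_size(file_size: int) -> int:
    """Block size ssdeep starts from: the smallest 3*2^n with bs*64 >= size."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < file_size:
        bs *= 2
    return bs


def block_size_consistent(digest: SsdeepDigest, file_size: int) -> bool:
    """ssdeep halves the starting block size when the first hash comes out
    too short, so any valid size at or below the starting one is plausible;
    a larger one cannot have come from a file of this size."""
    return digest.block_size <= initial_block_size(file_size)


def comparable(a: SsdeepDigest, b: SsdeepDigest) -> bool:
    """fuzzy_compare only scores digests whose block sizes are equal or
    differ by exactly one doubling; any other pair scores 0 outright."""
    return a.block_size in (b.block_size, b.block_size * 2, b.block_size // 2)


def check_report() -> bool:
    """Apply the consistency check to the values copied from the report."""
    return block_size_consistent(parse_ssdeep(REPORTED_SSDEEP), REPORTED_SIZE)


if __name__ == "__main__":
    d = parse_ssdeep(REPORTED_SSDEEP)
    print("block size", d.block_size, "starting size for reported length",
          initial_block_size(REPORTED_SIZE), "consistent:", check_report())
```

For this sample the starting block size for a 4.7MB file is 98304 (49152 * 64 would only cover about 3MB), which matches the digest, so the SSDEEP and size fields describe the same file. The same parse is what you need before pivoting on SSDEEP in a malware repository: a candidate with block size 24576 can never match this digest, whatever its hash parts look like, so filtering on block size first saves the edit-distance comparison entirely.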

Malware Config

Extracted

  • Family

    redline

  • Botnet

    2047736222

  • C2

    94.26.248.120:63731

  • Attributes

    auth_value: ee8187fd574be73a935e073f8b5705eb

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer; calling it on another process is how process hollowing and similar injection redirect a suspended process into an injected payload.

MITRE ATT&CK Matrix

Tasks