General

  • Target

    e40e3f4f84ed037dd5578171a9afff42_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240407-e3h54sde34

  • MD5

    e40e3f4f84ed037dd5578171a9afff42

  • SHA1

    c84bf92d9e4a4380494c364e15e7dca973ad03c7

  • SHA256

    9847f500cddca4d0452b93dcf27f7dbd80f25a10fbf4b71b5ed366a21ac2dceb

  • SHA512

    d826f9485161d7224e8883877655fc5618592237569360f64ceb9d9e583e229cf5398a5ca7b20f8d154d646d31bebfcdb391eab90429b153c8fb025548034f3e

  • SSDEEP

    6144:PLvCkrDR6/kxMMms/0gwqPSm58pF95fHKq:PLvxrDR6AMMms/0gwYSm58pF95fHKq

Malware Config (extracted)

  • Family

    redline

  • Botnet

    @d1m0ndz

  • C2

    ierinapu.xyz:80
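Added example, not part of the sandbox report: a small Python IOC matcher that takes the file hashes and the extracted C2 above and runs them over constructed DNS, connection and EDR log lines. The log line formats, client IPs, destination IPs, the `setup.exe` path and the hostnames other than `ierinapu.xyz` are assumptions made for the example.

```python
"""IOC matching for the RedLine sample described in this report.

Added example (not the sandbox's own code). Indicators are copied from
the report; every log line below is constructed and its format assumed.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators taken from the report.
FILE_HASHES = {
    "md5": "e40e3f4f84ed037dd5578171a9afff42",
    "sha1": "c84bf92d9e4a4380494c364e15e7dca973ad03c7",
    "sha256": "9847f500cddca4d0452b93dcf27f7dbd80f25a10fbf4b71b5ed366a21ac2dceb",
}
C2_HOST = "ierinapu.xyz"
C2_PORT = 80

# Constructed sample logs (format, addresses and paths are assumptions).
DNS_LOG = [
    "2024-04-07T12:01:03Z client=10.0.0.15 query=ierinapu.xyz type=A",
    "2024-04-07T12:01:05Z client=10.0.0.15 query=update.microsoft.com type=A",
    "2024-04-07T12:02:11Z client=10.0.0.22 query=IERINAPU.XYZ. type=A",
]
CONN_LOG = [
    "2024-04-07T12:01:04Z src=10.0.0.15:49812 dst=203.0.113.7:80 host=ierinapu.xyz proto=tcp",
    "2024-04-07T12:01:20Z src=10.0.0.15:49813 dst=203.0.113.7:443 host=ierinapu.xyz proto=tcp",
    "2024-04-07T12:03:00Z src=10.0.0.9:50001 dst=93.184.216.34:80 host=example.com proto=tcp",
]
EDR_LOG = [
    "proc=C:\\Users\\bob\\Downloads\\setup.exe "
    "sha256=9847f500cddca4d0452b93dcf27f7dbd80f25a10fbf4b71b5ed366a21ac2dceb",
    "proc=C:\\Windows\\explorer.exe "
    "sha256=1111111111111111111111111111111111111111111111111111111111111111",
]


@dataclass
class Alert:
    source: str
    line: str
    reason: str


KV = re.compile(r"(\w+)=(\S+)")


def parse_kv(line: str) -> dict:
    """Split a 'key=value key=value' log line into a dict."""
    return dict(KV.findall(line))


def normalize_host(host: str) -> str:
    """Lower-case and strip a trailing dot so 'IERINAPU.XYZ.' matches the IOC."""
    return host.strip().rstrip(".").lower()


def hash_file_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of a byte string as lower-case hex, the form the report uses."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_sample(data: bytes) -> bool:
    """True if any digest of data equals the report's value for that algorithm."""
    computed = hash_file_bytes(data)
    return any(computed[algo] == value for algo, value in FILE_HASHES.items())


def scan_dns(lines):
    """Flag any resolution of the C2 domain, regardless of case or trailing dot."""
    alerts = []
    for line in lines:
        f = parse_kv(line)
        if normalize_host(f.get("query", "")) == C2_HOST:
            alerts.append(Alert("dns", line, f"DNS lookup of RedLine C2 {C2_HOST} from {f.get('client')}"))
    return alerts


def scan_conn(lines):
    """Flag every connection to the C2 host; note when the port differs from the config."""
    alerts = []
    for line in lines:
        f = parse_kv(line)
        if normalize_host(f.get("host", "")) != C2_HOST:
            continue
        port = int(f["dst"].rsplit(":", 1)[1])
        if port == C2_PORT:
            reason = f"connection to RedLine C2 {C2_HOST}:{C2_PORT}"
        else:
            reason = f"connection to RedLine C2 host {C2_HOST} on unexpected port {port}"
        alerts.append(Alert("conn", line, reason))
    return alerts


def scan_edr(lines):
    """Flag process events whose hash field equals one of the report's digests."""
    alerts = []
    for line in lines:
        f = parse_kv(line)
        for algo, value in FILE_HASHES.items():
            if f.get(algo, "").lower() == value:
                alerts.append(Alert("edr", line, f"{algo} matches sample ({f.get('proc')})"))
                break
    return alerts


if __name__ == "__main__":
    for alert in scan_dns(DNS_LOG) + scan_conn(CONN_LOG) + scan_edr(EDR_LOG):
        print(f"[{alert.source}] {alert.reason}")
```

Two practical notes. RedLine's C2 channel is a .NET WCF net.tcp connection rather than HTTP, so a destination port of 80 does not mean HTTP-layer signatures will fire; matching the host and destination in DNS and connection logs, as above, is the more reliable check. Hash matches are exact-file only: a repacked build of the same botnet (`@d1m0ndz`) will have different digests, so the C2 host is the longer-lived indicator, subject to the domain being taken down or re-registered after the sample date.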

Targets

    • Target

      e40e3f4f84ed037dd5578171a9afff42_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (typically suspended) thread to redirect its execution, a common step in process hollowing and other code-injection techniques.
