General

  • Target

    e4244e9684651daa3d583f5e324029b9_JaffaCakes118

  • Size

    380KB

  • Sample

    240407-fxj1wsec49

  • MD5

    e4244e9684651daa3d583f5e324029b9

  • SHA1

    f978f7449fde3b4585309aec7ad1d7b2783addd4

  • SHA256

    c806b2ab450d3412c4a6a3ccb57a54ce112072ae70367a4d86a23dd9128c6da6

  • SHA512

    0ce8a6dac0f6edcd0f38e6765ba434d6b43800acff35a1b2f4fd6b3bda356920a070d18d4e42fe09c6585378a7e31996af036aa0f6aaddacc691edf6c5ace513

  • SSDEEP

    6144:KWaqflbkV08tDlfxai52zwKOiLq6MhqHlqgbzlPBIAUEPIl6X6jYAV:Xk68hlfB2k7i26M4FFd5hUo6c4

Malware Config

Extracted

Family

redline

Botnet

Master Of Puppets

C2

45.140.146.214:3287
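
The hashes in the General section and the C2 endpoint in the extracted config are the indicators a responder would actually hunt with. The following script is an added example, not part of the sandbox report: it matches a file against the sample's recorded digests and scans Zeek-style conn.log records for connections to the extracted RedLine C2. The conn.log lines and the file bytes are constructed here for illustration; only the hash values and the C2 host:port come from the report.

```python
"""IOC matcher built from the report above (added example, not part of the report).

Two checks:
  1. does a file's MD5/SHA1/SHA256/SHA512 match the sample's recorded digests?
  2. do Zeek conn.log records show TCP traffic to the extracted RedLine C2?
The log records and file bytes used below are constructed for the example.
"""
from __future__ import annotations

import hashlib

# Digests exactly as listed in the report's General section.
SAMPLE_HASHES = {
    "md5": "e4244e9684651daa3d583f5e324029b9",
    "sha1": "f978f7449fde3b4585309aec7ad1d7b2783addd4",
    "sha256": "c806b2ab450d3412c4a6a3ccb57a54ce112072ae70367a4d86a23dd9128c6da6",
    "sha512": "0ce8a6dac0f6edcd0f38e6765ba434d6b43800acff35a1b2f4fd6b3bda356920"
              "a070d18d4e42fe09c6585378a7e31996af036aa0f6aaddacc691edf6c5ace513",
}

# C2 from the extracted RedLine config.
C2_HOST = "45.140.146.214"
C2_PORT = 3287


def file_hashes(data: bytes) -> dict[str, str]:
    """Compute every digest the report records, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes, known: dict[str, str] = SAMPLE_HASHES) -> list[str]:
    """Return the algorithms whose digest of `data` equals the known IOC digest."""
    computed = file_hashes(data)
    return [alg for alg, digest in computed.items() if known.get(alg) == digest]


def parse_conn_line(line: str) -> dict | None:
    """Parse one tab-separated Zeek conn.log record (first seven default fields).

    Default Zeek order: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
    Header/comment lines beginning with '#' are skipped.
    """
    if line.startswith("#"):
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    return {
        "ts": fields[0], "uid": fields[1],
        "orig_h": fields[2], "orig_p": int(fields[3]),
        "resp_h": fields[4], "resp_p": int(fields[5]),
        "proto": fields[6],
    }


def find_c2_connections(log: str, host: str = C2_HOST, port: int = C2_PORT) -> list[dict]:
    """Return records whose responder is the C2 host on the C2 port over TCP.

    Matching on host AND port avoids flagging unrelated traffic to the same IP.
    """
    hits = []
    for line in log.splitlines():
        rec = parse_conn_line(line)
        if rec and rec["resp_h"] == host and rec["resp_p"] == port and rec["proto"] == "tcp":
            hits.append(rec)
    return hits


# Constructed conn.log excerpt: two beacons to the C2, one to an unrelated host,
# and one to the C2 IP on a different port (should not match).
CONSTRUCTED_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1712475600.101\tCxyz1\t10.0.0.15\t51822\t45.140.146.214\t3287\ttcp\n"
    "1712475601.202\tCxyz2\t10.0.0.15\t51823\t93.184.216.34\t443\ttcp\n"
    "1712475602.303\tCxyz3\t10.0.0.22\t51900\t45.140.146.214\t80\ttcp\n"
    "1712475603.404\tCxyz4\t10.0.0.22\t51901\t45.140.146.214\t3287\ttcp\n"
)


if __name__ == "__main__":
    # Constructed bytes, not the sample: no digest matches.
    print("hash matches:", matches_sample(b"constructed bytes, not the sample"))
    for rec in find_c2_connections(CONSTRUCTED_CONN_LOG):
        print("C2 beacon:", rec["uid"], rec["orig_h"], "->", rec["resp_h"], rec["resp_p"])
```

A single matching algorithm is enough to confirm identity for SHA256 or SHA512; an MD5-only match on a file whose SHA256 differs is worth treating as a collision or a mislabelled IOC rather than a confirmation.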

Targets

    • Target

      e4244e9684651daa3d583f5e324029b9_JaffaCakes118

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It harvests browser credentials, cookies and cryptocurrency wallet data and reports to the C2 listed in the extracted config above.

    • RedLine payload

    • SectopRAT

      SectopRAT (also known as ArechClient) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (typically suspended) thread in another process; after a payload has been written into that process, it is used to point execution at the injected code, the pattern seen in process hollowing and similar injection techniques.
