General

  • Target

    e43e256e25ae236683629e5f1bdfd49a_JaffaCakes118

  • Size

    105KB

  • Sample

    240407-gxmmfsfc46

  • MD5

    e43e256e25ae236683629e5f1bdfd49a

  • SHA1

    18620cb00514323e5fb96a5257b600901626918e

  • SHA256

    b5958c82e1d23456a8ff6cc1e4022a40d6b8d47bcb9b5f7157c4494b9e49165c

  • SHA512

    7d43cf0a2d5b07734a97cc24c4541e741754be8bda314f7fe0f31b9c400a62c9193fac3e935c39ab63bf25306c9177cc61549ab416281ea22f213daf28d47388

  • SSDEEP

    1536:A3LNmoce2SZgjeADKsBwUJFc+smbfexvxuvCyyedge3wxqCxXsEqG6ijoigJ+:AxmocrrJ3hgxuKyzdM8SnC+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    zxc

  • C2

    77.232.43.79:57581

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
