General

  • Target: e44f2cdc66c0668925a19856a3f40147_JaffaCakes118

  • Size: 4.0MB

  • Sample: 240407-hh4g4afc5w

  • MD5: e44f2cdc66c0668925a19856a3f40147

  • SHA1: b77be2db365d2739245976aeff0888462eccdc88

  • SHA256: 916a277ee5139308e6b8bbf6bfbe794cf93c3acb19013c8f67364b178d4e6a0d

  • SHA512: 4dfb09e8209f12304e5b02a35d3ba93c7ea996495a2fdfb9619a90dfacb3742a84cac7cfca79ff5d66fcfa07891812a4ee8edb75c285cf60b10f3dc67d331bd8

  • SSDEEP: 98304:yxj4V805DXFBqc+AC5ofNlQIRRVuaqoCTz:CjAD18c1C5Q+IRRQaBCv

Malware Config

Extracted

  • Family: redline

  • Botnet: ogak2colpaka798

  • C2: 185.172.129.61:39278

Targets

    • Target: e44f2cdc66c0668925a19856a3f40147_JaffaCakes118

    • Size: 4.0MB

    • MD5: e44f2cdc66c0668925a19856a3f40147

    • SHA1: b77be2db365d2739245976aeff0888462eccdc88

    • SHA256: 916a277ee5139308e6b8bbf6bfbe794cf93c3acb19013c8f67364b178d4e6a0d

    • SHA512: 4dfb09e8209f12304e5b02a35d3ba93c7ea996495a2fdfb9619a90dfacb3742a84cac7cfca79ff5d66fcfa07891812a4ee8edb75c285cf60b10f3dc67d331bd8

    • SSDEEP: 98304:yxj4V805DXFBqc+AC5ofNlQIRRVuaqoCTz:CjAD18c1C5Q+IRRQaBCv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks