General

  • Target

    e45200d0fbf1f466a956725610124eac_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240407-hm7ejsfd3z

  • MD5

    e45200d0fbf1f466a956725610124eac

  • SHA1

    e272e2d6c2bf6a9497fd48500b1c088bbc90b9c4

  • SHA256

    d3cfc436366c9d127c7a6233f6531cf6e5863153b41ba4ab6f8fe87f473c8c9d

  • SHA512

    e852bff6f5887ebb1addfab53daea1235d632683cd6497fc0310a31a08e8254810f642f81bb1ea0cfdc6dde6b231c6bebc7c072016189a00542646521a53b5c2

  • SSDEEP

    24576:vpeyqYiQGwbogMvsJY1eI0HUYIXpxAax1Rp5RdifBG8sh/Z44juzr:INwMg1J7xtoLAax/zRhRRSzr

Malware Config

Extracted

Family

redline

Botnet

@ejorka

C2

185.209.22.181:34925

Attributes
  • auth_value

    5a0918bd3e8ede8e02c8dd9d106a996d
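
The hashes under General and the C2 / botnet / auth_value fields above are the actionable indicators on this page. The Python below is an added example (not part of the sandbox report or of the sample) that turns both into checks: it hashes a file and tells you which of the report's digests match, and it scans tab-separated connection records for flows to the RedLine C2 endpoint. The Zeek conn.log-style field order and the sample log lines are constructed assumptions; only the IOC values are taken from the report.

```python
import hashlib
import re

# IOCs copied from this report: file hashes from "General", endpoint and
# identifiers from the extracted RedLine config.
REPORT_HASHES = {
    "md5": "e45200d0fbf1f466a956725610124eac",
    "sha1": "e272e2d6c2bf6a9497fd48500b1c088bbc90b9c4",
    "sha256": "d3cfc436366c9d127c7a6233f6531cf6e5863153b41ba4ab6f8fe87f473c8c9d",
    "sha512": "e852bff6f5887ebb1addfab53daea1235d632683cd6497fc0310a31a08e8254810f642f81bb1ea0cfdc6dde6b231c6bebc7c072016189a00542646521a53b5c2",
}
REDLINE_C2 = ("185.209.22.181", 34925)
REDLINE_BOTNET = "@ejorka"
REDLINE_AUTH_VALUE = "5a0918bd3e8ede8e02c8dd9d106a996d"


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunks so large samples stay out of memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: dict) -> set:
    """Names of the report hashes that agree with the computed digests (case-insensitive)."""
    return {name for name, value in REPORT_HASHES.items()
            if digests.get(name, "").lower() == value}


# Assumed record layout (Zeek conn.log-like, tab separated):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LINE = re.compile(
    r"^(?P<ts>\S+)\t(?P<uid>\S+)\t(?P<orig_h>\S+)\t(?P<orig_p>\d+)\t"
    r"(?P<resp_h>\S+)\t(?P<resp_p>\d+)\t(?P<proto>\S+)"
)


def find_c2_connections(conn_log: str, c2=REDLINE_C2) -> list:
    """Return (timestamp, source host) for every flow whose responder is the C2 ip:port."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):      # skip blanks and header lines
            continue
        m = CONN_LINE.match(line)
        if not m:
            continue                              # malformed record, ignore
        if m["resp_h"] == c2[0] and int(m["resp_p"]) == c2[1]:
            hits.append((m["ts"], m["orig_h"]))
    return hits


# Constructed log lines (not captured traffic). Two hosts talk to the C2 on
# 34925; the last line hits the same IP on a different port and is not a match.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1712491200.123\tCabc1\t10.0.0.15\t49712\t185.209.22.181\t34925\ttcp
1712491201.456\tCabc2\t10.0.0.15\t49713\t93.184.216.34\t443\ttcp
1712491202.789\tCabc3\t10.0.0.22\t51000\t185.209.22.181\t34925\ttcp
1712491203.000\tCabc4\t10.0.0.22\t51001\t185.209.22.181\t80\ttcp
"""

if __name__ == "__main__":
    for ts, host in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{ts}: {host} -> {REDLINE_C2[0]}:{REDLINE_C2[1]} (RedLine botnet {REDLINE_BOTNET})")
    print("matches for empty input:", matching_algorithms(hash_bytes(b"")) or "none")
```

Exact-hash matching only catches this build of the sample; the SSDEEP value in the report is what you would use for near-duplicate builds, and comparing it requires the ssdeep library, which this example deliberately leaves out. The C2 check keys on IP and port together because the same address on another port (last sample line) is not evidence of this configuration.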

Targets

    • Target

      e45200d0fbf1f466a956725610124eac_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread was called with the ThreadHideFromDebugger information class (0x11). A thread marked this way stops delivering debug events (breakpoints, exceptions, single-steps) to an attached debugger, a common anti-analysis technique that the sandbox flags from its API trace.
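
The signature above is derived from the recorded API calls, not from the binary's bytes. The Python below is an added example (mine, not the sandbox's signature code and not the sample's code) of that derivation: it walks a per-call trace and reports every NtSetInformationThread / ZwSetInformationThread call whose ThreadInformationClass is ThreadHideFromDebugger (0x11), noting whether the target is the calling thread itself via the GetCurrentThread pseudo-handle (-2). The JSON-lines trace format and the trace entries are constructed assumptions.

```python
import json
from typing import Optional

THREAD_HIDE_FROM_DEBUGGER = 0x11            # THREADINFOCLASS value 17

# Nt* and Zw* names reach the same system call; user-mode code may import either.
SET_THREAD_INFO_APIS = {"NtSetInformationThread", "ZwSetInformationThread"}

# GetCurrentThread() returns (HANDLE)-2; its width depends on the process bitness.
CURRENT_THREAD_PSEUDO_HANDLES = {0xFFFFFFFE, 0xFFFFFFFFFFFFFFFE}


def _as_int(value) -> Optional[int]:
    """Accept ints or numeric strings such as "0x11" or "17"; None if unparseable."""
    if value is None:
        return None
    if isinstance(value, int):
        return value
    try:
        return int(str(value), 0)
    except ValueError:
        return None


def hidden_thread_calls(trace_lines) -> list:
    """Return one record per call that sets ThreadHideFromDebugger on a thread."""
    hits = []
    for raw in trace_lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue                              # malformed trace line, ignore
        if event.get("api") not in SET_THREAD_INFO_APIS:
            continue
        args = event.get("args", {})
        if _as_int(args.get("ThreadInformationClass")) != THREAD_HIDE_FROM_DEBUGGER:
            continue
        handle = _as_int(args.get("ThreadHandle"))
        hits.append({
            "pid": event.get("pid"),
            "tid": event.get("tid"),
            "api": event.get("api"),
            "thread_handle": handle,
            "self": handle in CURRENT_THREAD_PSEUDO_HANDLES,
        })
    return hits


# Constructed API trace (JSON lines), not output from a real sandbox run.
SAMPLE_TRACE = [
    # Hides the calling thread itself: the classic anti-debug call.
    '{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", '
    '"args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": "0x11", '
    '"ThreadInformation": "0x0", "ThreadInformationLength": 0}}',
    # Same API, a different information class: not flagged.
    '{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", '
    '"args": {"ThreadHandle": "0x1a4", "ThreadInformationClass": "0x4", '
    '"ThreadInformationLength": 4}}',
    # Different API entirely: ignored by this rule.
    '{"pid": 4120, "tid": 4130, "api": "NtQueryInformationProcess", '
    '"args": {"ProcessInformationClass": "0x7"}}',
    # Zw alias, integer class, hiding another thread by handle.
    '{"pid": 4120, "tid": 4124, "api": "ZwSetInformationThread", '
    '"args": {"ThreadHandle": "0x1a4", "ThreadInformationClass": 17}}',
]

if __name__ == "__main__":
    for hit in hidden_thread_calls(SAMPLE_TRACE):
        target = "its own thread" if hit["self"] else f"thread handle {hit['thread_handle']:#x}"
        print(f"pid {hit['pid']} tid {hit['tid']}: {hit['api']} hid {target} from debugger")
```

For hands-on analysis the practical consequence is the reverse of the detection: once the call succeeds, a debugger attached to that thread gets no further events from it, so the call has to be neutralised before it runs (breakpoint on the API and change the class argument, or use a debugger plugin that does so) rather than worked around afterwards.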
