General

  • Target

    e49b51b0b9c6c7e0ba32f793fee55b45_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240407-lg4y1sac66

  • MD5

    e49b51b0b9c6c7e0ba32f793fee55b45

  • SHA1

    60f6316bf43e7bdf7098b6dd3bc719b42ae9018a

  • SHA256

    ce4349e7eeb9af88ba41065c179360bd4d2253d8324856896dc92ea178ff7b5c

  • SHA512

    3853a0cf0109387eb3753e83b624918f0dbb1e5df462a7ce7cc1209c9cccd147ba85b5878cb86d45c067c5eab6da5fa9f06d5b4aba22139692a73f4201a26c41

  • SSDEEP

    49152:35+hFRPnG6ztHsxpKPL1wtDmyPtlCK4UPlTt7536IAEoliv242Hxiz8lVHTIioOl:35aFRPnlMxpKPL2tDmqlO8N36G5sxiqH

Malware Config

Extracted

Family

redline

Botnet

@Yuki4onna

C2

77.220.214.232:13459

Targets

    • Target

      e49b51b0b9c6c7e0ba32f793fee55b45_JaffaCakes118

    • Size

      2.3MB

    • MD5

      e49b51b0b9c6c7e0ba32f793fee55b45

    • SHA1

      60f6316bf43e7bdf7098b6dd3bc719b42ae9018a

    • SHA256

      ce4349e7eeb9af88ba41065c179360bd4d2253d8324856896dc92ea178ff7b5c

    • SHA512

      3853a0cf0109387eb3753e83b624918f0dbb1e5df462a7ce7cc1209c9cccd147ba85b5878cb86d45c067c5eab6da5fa9f06d5b4aba22139692a73f4201a26c41

    • SSDEEP

      49152:35+hFRPnG6ztHsxpKPL1wtDmyPtlCK4UPlTt7536IAEoliv242Hxiz8lVHTIioOl:35aFRPnlMxpKPL2tDmqlO8N36G5sxiqH

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks