General

  • Target: e4c21ad080ca997ba48e0168c9ae1820_JaffaCakes118
  • Size: 1012KB
  • Sample: 240407-m171fsbb4y
  • MD5: e4c21ad080ca997ba48e0168c9ae1820
  • SHA1: a772ab38c6283334bbba7e44b555a55978d45f08
  • SHA256: 243b2ee5d04e4a98b6fcdaf1ffdcc78ced750900d36de10b563f0a8cfabb4027
  • SHA512: 2b9a31a49539e74ac260b7dcec6d127db68e5388875f973776161548ce0686275075466ad22eaeefeb013c275dad539b15b9007dc84eced0a2036ee34bc37f31
  • SSDEEP: 24576:hp5vqtjh9PFbOSEzEkcwyXQ/ZPQtleIOOwJ:r5v+l9dbJY9yG1QIOs

Malware Config

Extracted

  • Family: redline
  • Botnet: Google
  • C2: 45.67.231.194:29525

Targets

    • Target: e4c21ad080ca997ba48e0168c9ae1820_JaffaCakes118


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks