Overview

overview

10

Static

static

3

e7d9cc546a...18.exe

windows7-x64

10

e7d9cc546a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7d9cc546aa4695d566c47db6c369de8_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240408-tgmnqsgf7y

  • MD5

    e7d9cc546aa4695d566c47db6c369de8

  • SHA1

    d8478df55cebc6bdbf4567933ff3b886cdbb52b1

  • SHA256

    14c8c5c3a4f905f547b088b8f6309e2b3829d12b31360e4fa52997c7a52eb40a

  • SHA512

    6af068a3c731d7b5ac14bd680319d1fee8ed5db46a2821f28bc90cf443f23c04bfc09fef22494b4c031d961af442772ae09268d4c58298d4c091bee7359eb980

  • SSDEEP

    24576:cgWDbg57xheYeAtGkRjZlWhBz03Zr8PJga:cAH6A9jZwzg3Zkga

Score
10/10
redlinesectopratytzipinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

ytzip

C2

135.148.139.222:33569

Targets

    • Target

      e7d9cc546aa4695d566c47db6c369de8_JaffaCakes118

    • Size

      1.2MB

    • MD5

      e7d9cc546aa4695d566c47db6c369de8

    • SHA1

      d8478df55cebc6bdbf4567933ff3b886cdbb52b1

    • SHA256

      14c8c5c3a4f905f547b088b8f6309e2b3829d12b31360e4fa52997c7a52eb40a

    • SHA512

      6af068a3c731d7b5ac14bd680319d1fee8ed5db46a2821f28bc90cf443f23c04bfc09fef22494b4c031d961af442772ae09268d4c58298d4c091bee7359eb980

    • SSDEEP

      24576:cgWDbg57xheYeAtGkRjZlWhBz03Zr8PJga:cAH6A9jZwzg3Zkga

    Score
    10/10
    redlinesectopratytzipinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks