Overview

overview

10

Static

static

3

f1d80d08c2...18.exe

windows7-x64

10

f1d80d08c2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1d80d08c2254de011013a6b0bb40450_JaffaCakes118

  • Size

    191KB

  • Sample

    240415-y4y3hahe3w

  • MD5

    f1d80d08c2254de011013a6b0bb40450

  • SHA1

    93c1cf0c0ccf112b645a406c467c55d6c7c7257b

  • SHA256

    9365864ba2cd9a14dbc860dc8b59caa508b3fb169a34a074e7863aa8c876bdd9

  • SHA512

    e470b967ca7d0e34d3757ced7950f7c8011d632040a5df16933f6c02c61b975a56ba732901d895ee989380c45e56ada9e46ef63265aed1a8cce74ebc1158e676

  • SSDEEP

    3072:GigNpNcLgyZkiRAZPb7eUKmSvizIVKh7jAdGvXCKAbPUO8xve1KjkcDIVTFV2Mu:GtNzIxDRAZP/eUKmSvizIV27vXCKpxvl

Score
10/10
redlinesectoprat723infostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

723

C2

qumaranero.xyz:80

Targets

    • Target

      f1d80d08c2254de011013a6b0bb40450_JaffaCakes118

    • Size

      191KB

    • MD5

      f1d80d08c2254de011013a6b0bb40450

    • SHA1

      93c1cf0c0ccf112b645a406c467c55d6c7c7257b

    • SHA256

      9365864ba2cd9a14dbc860dc8b59caa508b3fb169a34a074e7863aa8c876bdd9

    • SHA512

      e470b967ca7d0e34d3757ced7950f7c8011d632040a5df16933f6c02c61b975a56ba732901d895ee989380c45e56ada9e46ef63265aed1a8cce74ebc1158e676

    • SSDEEP

      3072:GigNpNcLgyZkiRAZPb7eUKmSvizIVKh7jAdGvXCKAbPUO8xve1KjkcDIVTFV2Mu:GtNzIxDRAZP/eUKmSvizIV27vXCKpxvl

    Score
    10/10
    redlinesectoprat723infostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks