General
-
Target
fe5e9fd459eca69963d33cf58bd7e539_JaffaCakes118
-
Size
789KB
-
Sample
240421-eghmfsad53
-
MD5
fe5e9fd459eca69963d33cf58bd7e539
-
SHA1
82f7adbb23bd4061dd82c2277af2ebdc773d2bb9
-
SHA256
6eb059da694e908fca6ca31a5bdf29ebb95ada210e666dfa171f9db4b2205b93
-
SHA512
cfa369e6d9a9585f11b9b4ada795f2e185c578bd8c07a3e03ef555c5c3bbb5895ff830115ebd9c1f24513011fe2aa56bea93b199c4bee2af5f399673a3bf95a8
-
SSDEEP
12288:LKmPsNe5DuJIU9NqvDhwZ6nw8u4y9fL0brZpZ40M2TNRCVwrMutT1FEg:LKMaXmvs6nw87Qf6rZpSPwC2MI/Eg
Malware Config
Extracted
redline
fl1
195.245.113.122:80
Targets
-
-
Target
fe5e9fd459eca69963d33cf58bd7e539_JaffaCakes118
-
Size
789KB
-
MD5
fe5e9fd459eca69963d33cf58bd7e539
-
SHA1
82f7adbb23bd4061dd82c2277af2ebdc773d2bb9
-
SHA256
6eb059da694e908fca6ca31a5bdf29ebb95ada210e666dfa171f9db4b2205b93
-
SHA512
cfa369e6d9a9585f11b9b4ada795f2e185c578bd8c07a3e03ef555c5c3bbb5895ff830115ebd9c1f24513011fe2aa56bea93b199c4bee2af5f399673a3bf95a8
-
SSDEEP
12288:LKmPsNe5DuJIU9NqvDhwZ6nw8u4y9fL0brZpZ40M2TNRCVwrMutT1FEg:LKMaXmvs6nw87Qf6rZpSPwC2MI/Eg
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-