General

  • Target

    26b43c14465533a6c8eda3fc39004f8d_JaffaCakes118

  • Size

    126KB

  • Sample

    240704-3w5mjawglj

  • MD5

    26b43c14465533a6c8eda3fc39004f8d

  • SHA1

    d27ddaaaff6f3a5f7764c19b852efec86d889d62

  • SHA256

    00a06fe9fdfca3e36d29757500c3ea69d1a58d6b261d31f1921c2dcc5a996f4d

  • SHA512

    23fd5f0a00ba1cc6a224e2abe786abaca736b0111def833b7f938dd0f1d66ee27a9825d56d17b1239a7e5a70ff5be828e222b582a6bae1a0063240b272bfb37e

  • SSDEEP

    1536:aKEYekjigc1arEZ0aO3G9m4VCj7AOz7HMWe5FhQYx1+GLEajB3K158ZCHg0RQ2Tv:W77pOzTE5FeEDzZiQQLMaZ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    bfvtnbtrtewrhrweg

  • C2

    94.242.224.249:12574

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks