General
-
Target
3d94c97113665616bb2ff09440a5bc27_JaffaCakes118
-
Size
416KB
-
Sample
240712-qt4w1avhnr
-
MD5
3d94c97113665616bb2ff09440a5bc27
-
SHA1
5af98e2f9e6183427893987961e049362a57c702
-
SHA256
586465bf2feff2badcc4abc5e37c030cf8476b836c88803095ee6f53c6e35857
-
SHA512
5fa61c6fe9a622fc3553af05fd0e5d9600c05dd850f61cd756a79bcfc8e14812a2302387f966cefd651fae94080339c4d7f85184106af9253bb9828fee76a12c
-
SSDEEP
12288:tttEi0F8ltcKn2HMAS9iLW851+9dN7KOY8N9Oe+9lauWfx7sN8zkdI4+qWcpORzw:R0GZ2Ha9P8K9d9Kbn9
Malware Config
Extracted
redline
@lockfay
194.15.46.144:36848
Targets
-
-
Target
3d94c97113665616bb2ff09440a5bc27_JaffaCakes118
-
Size
416KB
-
MD5
3d94c97113665616bb2ff09440a5bc27
-
SHA1
5af98e2f9e6183427893987961e049362a57c702
-
SHA256
586465bf2feff2badcc4abc5e37c030cf8476b836c88803095ee6f53c6e35857
-
SHA512
5fa61c6fe9a622fc3553af05fd0e5d9600c05dd850f61cd756a79bcfc8e14812a2302387f966cefd651fae94080339c4d7f85184106af9253bb9828fee76a12c
-
SSDEEP
12288:tttEi0F8ltcKn2HMAS9iLW851+9dN7KOY8N9Oe+9lauWfx7sN8zkdI4+qWcpORzw:R0GZ2Ha9P8K9d9Kbn9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-