General

  • Target

    4e1868e7601e5cb9f6d454758df69c99_JaffaCakes118

  • Size

    321KB

  • Sample

    240716-nhxmfazeqq

  • MD5

    4e1868e7601e5cb9f6d454758df69c99

  • SHA1

    dfa929d27d132dec3532f84ef44957fcbb2e8b28

  • SHA256

    c0106f208713f7d49ec131336406dd1d0af5b1dbda9bb4e94b2dc9439104863b

  • SHA512

    12414ec1d76d22ea44b55f70a489eda7ee6692a6ea1a7f5d439f62afc24ca8cab48483b0b429b3b954fae1928404427cf09106a5fbfed6966251f0ed95a2e7c5

  • SSDEEP

    3072:r64XAlTrgcLSsfqdleoLBu6v1p2x+xpp3xG3H92WlxfvvG3J:O1ksMrBHtpVBG3H9Lf3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    CryptBuild

  • C2

    46.175.146.11:41600

Targets

    • Target

      4e1868e7601e5cb9f6d454758df69c99_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks