General

  • Target

    57189ebda4e73310d12867ab65c984aa_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240718-m6s4gsvhkl

  • MD5

    57189ebda4e73310d12867ab65c984aa

  • SHA1

    2412b891b122f98ba80a467dc8f53b94e599fa1f

  • SHA256

    786937d0aeea999a694503623fc6d864aa25429a68f84cef4aad1cfd8beffd65

  • SHA512

    f388baa36658e5ed658048d74e1c7892257750211cd68bb6b5a036a07399fa029fb50f0df5228fdf15dd05df0c3c30b509bb25203462da16b8018fab788ec3a9

  • SSDEEP

    24576:lKhjs2H3kjgy4YxWjJkwc8GDyXc64P2oAcbRIHTShkHAgC2clY:KNH3NnYWjJczCc64uYbJhkHAAcK

Malware Config

  • Extracted

    • Family

      redline

    • Botnet

      @iam_82

    • C2

      185.209.22.181:34925

Targets

    • Target

      57189ebda4e73310d12867ab65c984aa_JaffaCakes118

    • Size

      1.1MB

    • MD5

      57189ebda4e73310d12867ab65c984aa

    • SHA1

      2412b891b122f98ba80a467dc8f53b94e599fa1f

    • SHA256

      786937d0aeea999a694503623fc6d864aa25429a68f84cef4aad1cfd8beffd65

    • SHA512

      f388baa36658e5ed658048d74e1c7892257750211cd68bb6b5a036a07399fa029fb50f0df5228fdf15dd05df0c3c30b509bb25203462da16b8018fab788ec3a9

    • SSDEEP

      24576:lKhjs2H3kjgy4YxWjJkwc8GDyXc64P2oAcbRIHTShkHAgC2clY:KNH3NnYWjJczCc64uYbJhkHAAcK

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

• Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that stops an attached debugger from receiving events for that thread.
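The hashes in General and the C2 in Malware Config are what a responder takes from a report like this. The script below is an added example, not part of the sandbox report or its vendor's tooling: it embeds those indicators and shows the three routine uses of them, checking a file's digests against the report, sweeping connection logs for traffic to the C2 endpoint, and emitting a Suricata rule for it. The firewall log format, the sample log lines and the sid value are constructed for this example and are not from the report.

```python
"""Hunting helper built from the indicators in this sandbox report.

Added example, not part of the report. Indicators are copied from the
General and Malware Config sections above; the log format, sample lines
and Suricata sid are constructed placeholders.
"""
import hashlib
from typing import Optional

# Indicators copied from the report. SHA512 and ssdeep are omitted here;
# the three below are what most IOC feeds and EDR consoles accept.
REPORT_HASHES = {
    "md5": "57189ebda4e73310d12867ab65c984aa",
    "sha1": "2412b891b122f98ba80a467dc8f53b94e599fa1f",
    "sha256": "786937d0aeea999a694503623fc6d864aa25429a68f84cef4aad1cfd8beffd65",
}
C2_HOST = "185.209.22.181"
C2_PORT = 34925
BOTNET_ID = "@iam_82"


def matching_digests(data: bytes) -> list:
    """Names of the report hashes that `data` reproduces (empty = no match)."""
    return [
        name for name, expected in REPORT_HASHES.items()
        if hashlib.new(name, data).hexdigest() == expected
    ]


def parse_conn_line(line: str) -> Optional[dict]:
    """Parse one line of the constructed firewall format
    '<ts> <src>:<sport> -> <dst>:<dport> <proto>'. Returns None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    try:
        src, sport = parts[1].rsplit(":", 1)
        dst, dport = parts[3].rsplit(":", 1)
        return {"ts": parts[0], "src": src, "sport": int(sport),
                "dst": dst, "dport": int(dport), "proto": parts[4]}
    except ValueError:
        return None


def sweep_connections(lines) -> list:
    """Return (src, dport, confidence) for each line that reaches the C2 host.

    Host plus the configured port is a high-confidence hit. The host alone is
    still reported, at medium confidence: a rebuilt payload may be pointed at
    a different port on the same server, and that is worth a look.
    """
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["dst"] != C2_HOST:
            continue
        confidence = "high" if rec["dport"] == C2_PORT else "medium"
        hits.append((rec["src"], rec["dport"], confidence))
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Suricata rule for the C2 endpoint. `sid` is a placeholder; use a value
    from your local rule range."""
    return (
        f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
        f'(msg:"RedLine C2 {BOTNET_ID}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


# Constructed sample log lines for the demo (not from the report).
SAMPLE_LOG = [
    "2024-07-18T13:07:02Z 10.0.0.23:50412 -> 185.209.22.181:34925 tcp",
    "2024-07-18T13:07:03Z 10.0.0.23:50413 -> 93.184.216.34:443 tcp",
    "2024-07-18T13:09:40Z 10.0.0.41:50990 -> 185.209.22.181:443 tcp",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    for src, port, conf in sweep_connections(SAMPLE_LOG):
        print(f"{conf:6} {src} -> {C2_HOST}:{port}")
    print(suricata_rule())
    # Constructed bytes, so no digest matches; on a real file read it in
    # binary mode and pass the bytes here.
    print("digest matches:", matching_digests(b"not the sample"))
```

Run it as-is to see the sweep over the constructed lines; to use it for real, feed `matching_digests` the bytes of a suspect file and `sweep_connections` your own connection log after adjusting `parse_conn_line` to its format.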
