General

  • Target

    57bb460a8bf8acfea0549697041eafb6_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240718-rlcm8asbnq

  • MD5

    57bb460a8bf8acfea0549697041eafb6

  • SHA1

    adb1379ea4a1205e98dd99ae29b938561e450d40

  • SHA256

    9f57d5e9bbe20d0158d6515f9bfcea72f32fc4d5de218d5444a44de0d9f54e31

  • SHA512

    40c1288e06925888eedb1e12a4db905402a9601663eabd9f8aac9747d5bcfc0d4bdb8555415db5c06f07719271ffbbc21caa74e930a3568fba90ce0c69726bb7

  • SSDEEP

    49152:x5+hFZ7+7m4f9deH2iiKyrGNG9nbbRI4YewCxiz8lVHTIioOFZQ+g:x5aFVqqMKyyNG9nYMxiqZ7g

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @leepsy_ns

  • C2

    45.132.104.217:12780

Targets

    • Target

      57bb460a8bf8acfea0549697041eafb6_JaffaCakes118

    • Size

      2.3MB

    • MD5

      57bb460a8bf8acfea0549697041eafb6

    • SHA1

      adb1379ea4a1205e98dd99ae29b938561e450d40

    • SHA256

      9f57d5e9bbe20d0158d6515f9bfcea72f32fc4d5de218d5444a44de0d9f54e31

    • SHA512

      40c1288e06925888eedb1e12a4db905402a9601663eabd9f8aac9747d5bcfc0d4bdb8555415db5c06f07719271ffbbc21caa74e930a3568fba90ce0c69726bb7

    • SSDEEP

      49152:x5+hFZ7+7m4f9deH2iiKyrGNG9nbbRI4YewCxiz8lVHTIioOFZQ+g:x5aFVqqMKyyNG9nYMxiqZ7g

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks