General

  • Target

    a5058f0c8a12e82ee4cd0c922127953b_JaffaCakes118

  • Size

    440KB

  • Sample

    240818-cvj2bstbjn

  • MD5

    a5058f0c8a12e82ee4cd0c922127953b

  • SHA1

    c185e04a9b51c818c49c6ccc27cca1c674906ec3

  • SHA256

    5fbbf8d74c8a2b3f6aabf4a95c1b68d9b5ce182ebd19c1f3c8eed44fdddc72c1

  • SHA512

    19714b2d5b6c228245c68672ec677cab054f8532991078c628c462ab9d131ba4b3defb1c953198f6132a55160d40acf42cd56cc0356a8f905d96f51c0ce5f7c7

  • SSDEEP

    12288:ZSovggCj/bNcJjSOuBP4RylPhzQAgez64ehg:ZCjmlSOurPiTeBehg

Malware Config

Extracted

  • Family

    redline

  • C2

    195.2.93.217:59309

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks