General

  • Target

    ab65b26d42f98dbc6933d96c45b01774_JaffaCakes118

  • Size

    387KB

  • Sample

    240819-rvd8easglr

  • MD5

    ab65b26d42f98dbc6933d96c45b01774

  • SHA1

    a2e460dac818ddee85445471e01215b585bce688

  • SHA256

    c0fe41fb6c2ff9e04d8c071514f542f493003b34f4da462866402a42d02f459f

  • SHA512

    a52edf18176186d8f0e1c5cce40c379a8d086b94469e96425618bf4f21b53bb5c22a026142e7240d86db44fd7a0bf270430e2bf7f00a986265808245d8169b89

  • SSDEEP

    6144:yufXEnYR4tz5xxVMj1Lj7fMZ5tfjwOuhiPORROhxxpeTr/ekI:r/EtlxwjZ+5JjhXPOGzxp6L

Malware Config

Extracted

  • Family

    redline

  • Botnet

    paladin

  • C2

    178.63.26.132:29795

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks