General

  • Target: b153fb7e3c389ea77b489faf835b11f6_JaffaCakes118
  • Size: 377KB
  • Sample: 240820-3r5fzazbkf
  • MD5: b153fb7e3c389ea77b489faf835b11f6
  • SHA1: aa9c8e45872597171e5ba21da6111b612ff51c00
  • SHA256: 3204893e4ca6c06b774a07b92f9a021fc073f2c630d0a62ecb2efeaeacc89556
  • SHA512: bcd9d28dbc7ef21dde70f540d15b375a1edf906609f9cdc87281dd8d1aa329e4912bfd5f49aff8b58a703a74814ae0635df1325b7c55bf632bb85f280fce3e5a
  • SSDEEP: 6144:VebmkXPWL7gBOAgaCdCTeVMMF1+k05feCRdE9yEcZ0gsnAPROhxxpeTr/ekI:Vke4BOAg1Cxs1ihrdjEcZ0gyAUzxp6L

Malware Config

Extracted

  • Family: redline
  • Botnet: paladin
  • C2: 178.63.26.132:29795

Targets


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks