General

  • Target

    b41b6a2b8e0d6d46d82b21172ef0dd5b_JaffaCakes118

  • Size

    505KB

  • Sample

    240821-tglfnsxgle

  • MD5

    b41b6a2b8e0d6d46d82b21172ef0dd5b

  • SHA1

    21d929068b76ce9486b8b1fa096fc82691ffc325

  • SHA256

    1d73cca00bf01cd49c5ffa658a6cf2c1c2619fded679ded7a6a48293b203c5fc

  • SHA512

    e78ee206c8fd23f8af08d1cb6f1591542f1b0bf25238d0368ac29a9c3c3faae04a9206d3f3b3487fc3183d166fd4a36886f8636b6651bffa2ee7c39cd8d2f9a9

  • SSDEEP

    12288:i7PbMfT0mA9ZbOkyIqJitZ6r1L4tQjRDR/3saIQDLXv:iLNXJqKZaRjRt/3sKDj

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @gxldonme

  • C2

    185.82.126.114:31858

Targets

    • Target

      b41b6a2b8e0d6d46d82b21172ef0dd5b_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
