General

  • Target

    bb0490ad51aedab3bcf56e12a583f17d_JaffaCakes118

  • Size

    256KB

  • Sample

    240823-kg362swglr

  • MD5

    bb0490ad51aedab3bcf56e12a583f17d

  • SHA1

    23a4705c94ae3e7a874e540af3d22ba028c3b19c

  • SHA256

    20916512dfb83c3322d9a7c1bf9e43d0b97106af9ecc3ab1af8c1a07a8324963

  • SHA512

    fd3ec37e54366339664a26b05d565cf1189f60718609a8620a9fe24cdcc6ecd029d770b68d1eaedfa832ffb01ee8462e5b206f53e2daf0bc228a7f0d8c4a7668

  • SSDEEP

    6144:lIEpfZ9MzlfKrD9mwvt/2i/v0WMbKcqf4B6k8x0:eEpfNrD97///v0HKcrBqx0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UDP

  • C2

    45.9.20.20:13441

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks