General

  • Target

    c5a7d6307717c8a25b144957c79d5f76_JaffaCakes118

  • Size

    406KB

  • Sample

    240827-yxl5cszbra

  • MD5

    c5a7d6307717c8a25b144957c79d5f76

  • SHA1

    922aba7d62ab86fac2ad0101e0ce091c7c135598

  • SHA256

    14097a72d677e9e362f718154b230d8776f3f827a0b483070f9f02b8132d0ebf

  • SHA512

    e4271a79b07042cf0331dd5b30e8f3106cd0c2561a40cd57a217193de88953764fbb295db3c17143ff47365f4fc6633be6bd788be3ac5804d1a2d75d7de7eb04

  • SSDEEP

    6144:0FR05m+b9h3CXoLJwkETQ/bkuLCP502o6k7l+/A/rAMgJdTAZvyR7ioq7o5xj0My:MeZhyX5c/Qu0I6cNrrSdElyR2jo5q5Yq

Malware Config

  • Extracted

  • Family

    redline

  • Botnet

    @jaknhidf

  • C2

    164.132.72.186:18717
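The report gives three kinds of indicator for this sample: file digests, an ssdeep fuzzy hash, and the C2 endpoint pulled from the RedLine configuration. The following Python helper is an added example, not part of the sandbox report, showing how a responder can use those values offline: it hashes a candidate file with every digest type listed above and accepts a match only when all of them agree, splits the ssdeep signature into its block size and chunk hashes (comparison itself needs the ssdeep/ppdeep library and is left out), and scans connection log lines for the extracted C2, reporting an IP:port hit as stronger than an IP-only hit because hosting addresses are reused and the indicator decays. The log lines and the "src:port -> dst:port" format are constructed for the demonstration.

```python
"""Added example: offline IOC triage against the indicators in this report.

Not part of the sandbox report; the log lines at the bottom are constructed.
"""
from __future__ import annotations

import hashlib
import re

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "c5a7d6307717c8a25b144957c79d5f76",
    "sha1": "922aba7d62ab86fac2ad0101e0ce091c7c135598",
    "sha256": "14097a72d677e9e362f718154b230d8776f3f827a0b483070f9f02b8132d0ebf",
    "sha512": "e4271a79b07042cf0331dd5b30e8f3106cd0c2561a40cd57a217193de88953764fbb295db3c17143ff47365f4fc6633be6bd788be3ac5804d1a2d75d7de7eb04",
}
REPORT_SSDEEP = ("6144:0FR05m+b9h3CXoLJwkETQ/bkuLCP502o6k7l+/A/rAMgJdTAZvyR7ioq7o5xj0My"
                 ":MeZhyX5c/Qu0I6cNrrSdElyR2jo5q5Yq")
REPORT_C2_IP, REPORT_C2_PORT = "164.132.72.186", 18717


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute every digest type the report lists for a candidate file."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True only when all four digests agree; any mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[k] == v for k, v in REPORT_HASHES.items())


def parse_ssdeep(sig: str) -> tuple[int, str, str]:
    """Split an ssdeep signature into (block_size, chunk_hash, double_chunk_hash).

    The hash alphabet is base64, so ':' never occurs inside a chunk string.
    Scoring two signatures against each other needs the ssdeep/ppdeep library
    and is not done here.
    """
    block, first, second = sig.split(":", 2)
    return int(block), first, second


# Matches "src:port -> dst:port" in the constructed connection log format below.
_CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(lines: list[str]) -> list[dict]:
    """Flag flows to the extracted C2.

    IP and port together is the strong match. The IP alone on another port is
    reported with lower confidence: hosting addresses get reused, so an IP
    indicator decays faster than the full endpoint.
    """
    hits = []
    for line in lines:
        m = _CONN_RE.search(line)
        if not m or m["dst"] != REPORT_C2_IP:
            continue
        port = int(m["dport"])
        hits.append({
            "src": m["src"],
            "dst": f"{m['dst']}:{port}",
            "confidence": "ip+port" if port == REPORT_C2_PORT else "ip-only",
            "line": line,
        })
    return hits


# Constructed log lines for demonstration; not from the report or any real capture.
SAMPLE_LOG = [
    "2024-08-27T10:01:02Z 10.0.0.15:49812 -> 164.132.72.186:18717 tcp",
    "2024-08-27T10:01:05Z 10.0.0.15:49813 -> 164.132.72.186:443 tcp",
    "2024-08-27T10:01:09Z 10.0.0.16:49900 -> 93.184.216.34:443 tcp",
]

if __name__ == "__main__":
    print(parse_ssdeep(REPORT_SSDEEP))
    print(matches_report_sample(b"constructed placeholder, not the sample"))
    for hit in find_c2_connections(SAMPLE_LOG):
        print(hit["confidence"], hit["src"], "->", hit["dst"])
```

Requiring every digest to agree guards against a copy-paste error in any single hash; a file that matches MD5 and SHA1 but not SHA256 is not this sample, whatever the weaker digests say.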

Targets

    • Target

      c5a7d6307717c8a25b144957c79d5f76_JaffaCakes118

    • Size

      406KB

    • MD5

      c5a7d6307717c8a25b144957c79d5f76

    • SHA1

      922aba7d62ab86fac2ad0101e0ce091c7c135598

    • SHA256

      14097a72d677e9e362f718154b230d8776f3f827a0b483070f9f02b8132d0ebf

    • SHA512

      e4271a79b07042cf0331dd5b30e8f3106cd0c2561a40cd57a217193de88953764fbb295db3c17143ff47365f4fc6633be6bd788be3ac5804d1a2d75d7de7eb04

    • SSDEEP

      6144:0FR05m+b9h3CXoLJwkETQ/bkuLCP502o6k7l+/A/rAMgJdTAZvyR7ioq7o5xj0My:MeZhyX5c/Qu0I6cNrrSdElyR2jo5q5Yq

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks