General

  • Target

    ce2d443139a660f135b2a9a721dd71af_JaffaCakes118

  • Size

    377KB

  • Sample

    240905-3sv9pavckl

  • MD5

    ce2d443139a660f135b2a9a721dd71af

  • SHA1

    06dcd33b64d5e9d0f2a036d78d328446fcc2b24e

  • SHA256

    2acb4c85d29625922f70b618144eb81f4427998aa52c06e2130527972a8bc0bb

  • SHA512

    32be98a999b1209564bb225d0544698982e77ef08797774a4f056a2802552ecfed9b1d1f2d91c27ab70ed183df4151864b5cdf9cd6a76a254746d30d7b0abc6d

  • SSDEEP

    6144:BIJM2/cLI84crzz34igmOficBBDO3Yw3XDBpfk87gCUgMROhxxpeTr/ekI:CMlF4cj34igmOlBBDOPDvr71zxp6L

Malware Config

Extracted

  • Family

    redline

  • Botnet

    paladin

  • C2

    178.63.26.132:29795
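The extracted config above gives two things a responder can act on immediately: the file hashes (to confirm a retrieved sample is this one) and a single C2 socket. The script below is an added example, not part of the sandbox report, that turns those into checks: it verifies a file's bytes against the listed digests, scans Zeek-style conn.log lines for the C2, and emits a Suricata rule for the socket. The conn.log lines, their uids and the file bytes are constructed for the demo; the real sample is not embedded. An IP-only hit on a different port is reported separately, since the host may serve other tenants and the port is what the config actually pins.

```python
"""IOC checks built from the indicators on this RedLine (botnet "paladin") report.

Added example: hashes and C2 are copied from the report; all log lines, uids
and file contents below are constructed and are not real telemetry.
"""
from __future__ import annotations

import hashlib

# Indicators copied from the report page.
SAMPLE_HASHES = {
    "md5": "ce2d443139a660f135b2a9a721dd71af",
    "sha1": "06dcd33b64d5e9d0f2a036d78d328446fcc2b24e",
    "sha256": "2acb4c85d29625922f70b618144eb81f4427998aa52c06e2130527972a8bc0bb",
}
C2_IP = "178.63.26.132"
C2_PORT = 29795

# Constructed Zeek conn.log excerpt (tab-separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1725496801.123\tCk1a2b\t10.0.0.23\t51234\t178.63.26.132\t29795\ttcp
1725496802.456\tCk1a2c\t10.0.0.23\t51235\t142.250.74.78\t443\ttcp
1725496803.789\tCk1a2d\t10.0.0.45\t51236\t178.63.26.132\t443\ttcp
"""


def hash_bytes(data: bytes) -> dict[str, str]:
    """Hex digests of a file's bytes, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only when every listed digest matches.

    A single mismatch means a different file, so never accept a partial match
    (e.g. MD5 only) when the stronger digests are available.
    """
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in SAMPLE_HASHES.items())


def scan_conn_log(text: str) -> list[tuple[str, str]]:
    """Return (uid, confidence) for each flow whose responder is the C2 host.

    "c2-ip-port" means the exact socket from the config; "c2-ip-only" means the
    same IP on another port, which needs corroboration before it is treated as
    RedLine traffic.
    """
    hits: list[tuple[str, str]] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip Zeek header/comment lines and blanks
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed or truncated record
        uid, resp_h, resp_p = fields[1], fields[4], int(fields[5])
        if resp_h != C2_IP:
            continue
        hits.append((uid, "c2-ip-port" if resp_p == C2_PORT else "c2-ip-only"))
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """One Suricata rule pinning the exact C2 socket from the extracted config.

    The sid is a hypothetical local-range value; pick one from your own range.
    """
    return (
        f'alert tcp $HOME_NET any -> {C2_IP} {C2_PORT} '
        f'(msg:"RedLine C2 botnet paladin"; flow:to_server; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    # Constructed placeholder bytes: this is not the sample, so no match.
    print("placeholder matches sample:", matches_sample(b"not the sample"))
    for uid, conf in scan_conn_log(CONN_LOG):
        print(f"{uid}: {conf}")
    print(suricata_rule())
```

Feed `matches_sample` the bytes of a file you have pulled from quarantine before spending analysis time on it; feed `scan_conn_log` a real conn.log export to triage which hosts touched the socket, treating the ip-only hits as leads rather than confirmed infections.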

Targets

    • Target

      ce2d443139a660f135b2a9a721dd71af_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks