General

  • Target: d077c2abcdd54c3b99c8e213e7ce9c37_JaffaCakes118

  • Size: 1.7MB

  • Sample: 240906-z36avsydjf

  • MD5: d077c2abcdd54c3b99c8e213e7ce9c37

  • SHA1: 5343e25e009dd981d2f0dcb8dd4c6d3d11f188ea

  • SHA256: 608ecfcb3922b79e06a74f47b65f3662cdfc048e35ef473debc49ff9430b7238

  • SHA512: 1dcaf2189fdb284639d442abfb4bb3c99ff0cd3411f188cd453added9ca6b71377232d3e4c771918b3615bcad6545e751e8373555d8e2c2cb69f6e5bf0a031d7

  • SSDEEP: 49152:zCxmV8TuZ7bqVPobiJbIN4kBwZc5xDNu:EmV86F4GPC+J

Malware Config

Extracted

  • Family: redline

  • Botnet: @admbx

  • C2: 5.188.118.163:63275

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks