General

  • Target

    d74955fc485e8c4ead3e11f3a7bfd6ae_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240909-3rrvwayaqb

  • MD5

    d74955fc485e8c4ead3e11f3a7bfd6ae

  • SHA1

    2bad2c37ad87cb708080e70fb3ccb972b6c0e49b

  • SHA256

    322b1d2a8427c46ccbfb455211c82e16d99965b3060c16f1b95a871dd3191f34

  • SHA512

    07306a1df5671173f4bdbddbd0bf9ae8e5819543ff762642403bde1499dca61e589fa49a048a0bc6a5ffbc982f1a3cbf707f56d19f12a27d99ea1c430c61ca75

  • SSDEEP

    24576:A7o2odTV/KAz7bO/sffrtQ2nXeqSPnD+Q95kU8YS/6:QvodR/1z7msffrtQhK7Uh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @oathbreaker_op

  • C2

    185.209.22.181:34925

Targets

    • Target

      d74955fc485e8c4ead3e11f3a7bfd6ae_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks