General

  • Target

    d68c8c9004fd0dc87f7758ae72f8b5cd_JaffaCakes118

  • Size

    326KB

  • Sample

    240909-sax1fswfke

  • MD5

    d68c8c9004fd0dc87f7758ae72f8b5cd

  • SHA1

    7a03673b591b95bd4b7e885a44c09a34b2c7d677

  • SHA256

    e5e7657c806e67c37dcf7edda26bfe3f803b6fa4236bbfff2a0d3a25cc4f46f7

  • SHA512

    9bb18cce2656a104330e0f01208f1909fbcc497c65724afc512c90145f5208a3f13d2e7b0ace75cb91185c0416277c815bfebde57e57f60a92ce558583a88481

  • SSDEEP

    6144:voMu1WHeBT5RXXjBznFo6RvtO///gtot6JR8DKNrow24Ew1mZsJh47oXkoj0iYmv:vB1+d5RX5Fo6Rvyt6X8f4ZW+CG7wqiYL

Malware Config

Extracted

Family

redline

Botnet

4

C2

80.87.192.249:16640

Attributes

  • auth_value

    3e4c638c72124e45bcf5164456741cce

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks