General

  • Target

    db58770d2e579ffccc89fa0e80b6fbea_JaffaCakes118

  • Size

    24.1MB

  • Sample

    240911-2kjp9axcmg

  • MD5

    db58770d2e579ffccc89fa0e80b6fbea

  • SHA1

    5d5ff145e35ff5cb9a29ae1e1e90f522f7965897

  • SHA256

    45a95f380d1df93afc4ead92061023c2f31efbb07fbde1bca2bd8581d90d7cdd

  • SHA512

    ada7c65a6cf73e70d22e9840c73c745657625c1912cb8b8d1a33b6d7b40ae87d871051207fb76774d2ec573981396262a9dc13269522f7b5b3e4cc1e2d7bbe3c

  • SSDEEP

    24576:tYH24VdpPHruLp1JOjZ1umKjJWzwZquuMiwTAT:GH24Vdpjud1JOdMJrqmiwTA

Malware Config

Extracted

Family

redline

Botnet

@pjuai123

C2

185.209.22.181:34925

Targets

    • Target

      db58770d2e579ffccc89fa0e80b6fbea_JaffaCakes118

    • Size

      24.1MB

    • MD5

      db58770d2e579ffccc89fa0e80b6fbea

    • SHA1

      5d5ff145e35ff5cb9a29ae1e1e90f522f7965897

    • SHA256

      45a95f380d1df93afc4ead92061023c2f31efbb07fbde1bca2bd8581d90d7cdd

    • SHA512

      ada7c65a6cf73e70d22e9840c73c745657625c1912cb8b8d1a33b6d7b40ae87d871051207fb76774d2ec573981396262a9dc13269522f7b5b3e4cc1e2d7bbe3c

    • SSDEEP

      24576:tYH24VdpPHruLp1JOjZ1umKjJWzwZquuMiwTAT:GH24Vdpjud1JOdMJrqmiwTA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks