General

  • Target

    fc631c84dc3f3fe47a1f526d3f1c7599_JaffaCakes118

  • Size

    423KB

  • Sample

    240928-qmn7zazhpe

  • MD5

    fc631c84dc3f3fe47a1f526d3f1c7599

  • SHA1

    6d36455501ff48f29c7041b014633fcd098f4580

  • SHA256

    b9675e4c8a9934d457626af3be655ad46a9e90c6bedc6dbe80fbcef657af1e2f

  • SHA512

    f9fc1e1f11e42b38f1684f945b8dcb8dc86955d91b529c7d27346fc55be6657c03fb2b8bb600cf21c534d48a38a0856ca89d7112c2cf324234fa1ce0bceefd52

  • SSDEEP

    12288:wOhhl5E5+iEcvpbCC7dgfjO/ofBVA7KlrNaxt:hluA

Malware Config

Extracted

Family

redline

Botnet

WarzoneUnlockAllToolV3.5_ByRec0n13T

C2

185.215.113.55:36801

Attributes
  • auth_value

    5c57f1eb36bb351b7007ba406bba7afc
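
The extracted configuration above is the actionable part of this report: one C2 endpoint, a botnet identifier that doubles as the lure name, and the hashes that identify the sample. The Python below is an added example, not sandbox output and not RedLine's or the sandbox's code. It parses the C2 value into a validated host and port, emits a Suricata rule for traffic to that endpoint, and checks that a file on disk is this sample before any further work is done on it. The rule SID, the rule message text and the `hash_bytes` / `matches_sample` helper names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import ipaddress
from pathlib import Path

# Values copied from the extracted config and hash list in the report above.
CONFIG = {
    "family": "redline",
    "botnet": "WarzoneUnlockAllToolV3.5_ByRec0n13T",
    "c2": "185.215.113.55:36801",
    "auth_value": "5c57f1eb36bb351b7007ba406bba7afc",
}
SAMPLE_HASHES = {
    "md5": "fc631c84dc3f3fe47a1f526d3f1c7599",
    "sha1": "6d36455501ff48f29c7041b014633fcd098f4580",
    "sha256": "b9675e4c8a9934d457626af3be655ad46a9e90c6bedc6dbe80fbcef657af1e2f",
    "sha512": "f9fc1e1f11e42b38f1684f945b8dcb8dc86955d91b529c7d27346fc55be6657c"
              "03fb2b8bb600cf21c534d48a38a0856ca89d7112c2cf324234fa1ce0bceefd52",
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the 'host:port' string as it appears in the config.

    The extracted value is a literal IPv4 address, so a hostname or a bad
    port is treated as an extraction error rather than silently accepted."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 value: {c2!r}")
    addr = ipaddress.ip_address(host)        # raises ValueError on non-IP input
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"port out of range: {port_n}")
    return str(addr), port_n


def suricata_rule(c2: str, family: str, botnet: str, sid: int = 9000001) -> str:
    """Emit a Suricata rule for outbound traffic to the C2 endpoint.
    The SID is an assumed placeholder; use one from your local range."""
    host, port = parse_c2(c2)
    msg = f"MALWARE {family} C2 ({botnet})"
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"{msg}"; flow:to_server,established; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute every digest the report lists for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str | Path) -> dict[str, str]:
    """Streaming version of hash_bytes for files too large to read at once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests: dict[str, str],
                   expected: dict[str, str] = SAMPLE_HASHES) -> bool:
    """True only if every listed digest matches; a single mismatch means a
    different file (or a truncated download), not a partial match."""
    return all(digests[name] == expected[name].lower() for name in expected)


if __name__ == "__main__":
    print(suricata_rule(CONFIG["c2"], CONFIG["family"], CONFIG["botnet"]))
    # Constructed input that is obviously not the sample, so this prints False.
    print(matches_sample(hash_bytes(b"not the sample")))
```

Block the C2 at the egress firewall as well as alerting on it; the Suricata rule only sees traffic that is allowed out. The `auth_value` is kept in `CONFIG` so it travels with the other IOCs, but it is a value from the extracted config and is not used by the rule.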

Targets

    • Target

      fc631c84dc3f3fe47a1f526d3f1c7599_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
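
The last signature, "Suspicious use of SetThreadContext", is the sandbox's view of the classic process-hollowing chain: a child process created suspended, its memory overwritten from the parent, the main thread's entry point redirected with SetThreadContext, then the thread resumed. The Python below is an added example and is not the sandbox's own detection logic. It runs a stateful check over a constructed API trace in an invented `key=value` line format (the real sandbox log format is not on this page) and flags only the ordered chain against a suspended child, so a process that calls SetThreadContext on one of its own threads, as debuggers and exception handlers legitimately do, is left unflagged.

```python
import re
from collections import defaultdict

# Constructed API-trace lines in an invented key=value format for this example.
# pid 1000 hollows its suspended child 2000; pid 3000 is the benign control case.
TRACE = """\
pid=1000 api=CreateProcessW flags=0x4 child=2000
pid=1000 api=VirtualAllocEx target=2000 size=0x2a000 protect=PAGE_EXECUTE_READWRITE
pid=1000 api=WriteProcessMemory target=2000 size=0x2a000
pid=1000 api=SetThreadContext target=2000
pid=1000 api=ResumeThread target=2000
pid=3000 api=CreateProcessW flags=0x0 child=4000
pid=3000 api=SetThreadContext target=3000
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
CREATE_SUSPENDED = 0x4                      # dwCreationFlags bit from CreateProcess
HOLLOW_SEQUENCE = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text: str) -> list[dict[str, str]]:
    """Turn each non-empty line into a dict of its key=value fields."""
    return [dict(FIELD_RE.findall(line)) for line in text.splitlines() if line.strip()]


def find_hollowing(events: list[dict[str, str]]) -> list[tuple[str, str, tuple[str, ...]]]:
    """Return (injector_pid, target_pid, api_sequence) for every completed chain.

    A chain counts only when the target was created suspended by the same
    process and the three APIs appear in HOLLOW_SEQUENCE order against it."""
    suspended: dict[str, str] = {}               # child pid -> creator pid
    progress: dict[str, list[str]] = defaultdict(list)   # child pid -> apis seen
    hits = []
    for ev in events:
        api, pid = ev.get("api"), ev.get("pid")
        if api == "CreateProcessW":
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[ev["child"]] = pid
            continue
        target = ev.get("target")
        if suspended.get(target) != pid:
            continue                              # not a suspended child of this caller
        seen = progress[target]
        if len(seen) < len(HOLLOW_SEQUENCE) and api == HOLLOW_SEQUENCE[len(seen)]:
            seen.append(api)
            if len(seen) == len(HOLLOW_SEQUENCE):
                hits.append((pid, target, tuple(seen)))
    return hits


if __name__ == "__main__":
    for injector, target, seq in find_hollowing(parse_trace(TRACE)):
        print(f"pid {injector} hollowed suspended child {target}: {' -> '.join(seq)}")
```

The order matters: WriteProcessMemory before SetThreadContext is what distinguishes entry-point redirection into freshly written code from a debugger adjusting registers on a thread it already controls. In a real trace the thread handle would be resolved to its owning process before the `target` comparison is made.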

MITRE ATT&CK Enterprise v15

Tasks