General

  • Target

    00e8532313249e72acc9d045063ac68e_JaffaCakes118

  • Size

    383KB

  • Sample

    240930-mrjw9sveqb

  • MD5

    00e8532313249e72acc9d045063ac68e

  • SHA1

    e3343d11dac2c3853895bee92bcbd95d4e082a7c

  • SHA256

    9cb794f9cc6ff45711cc17185a1e119b758322b0b6c496e03e61b4d8557e032e

  • SHA512

    bc53d057b0950e4b53cb48292271fd1f8e2ed07ed93a707f9ca670ef7dfac07b7aa41de480d2585de3d60309cb2e2ee9c4504ef046b204566f25850c2279c4a8

  • SSDEEP

    6144:ob4RCBuFV2nyzK+I6QTK5hBf8siz+IRbPzFMvYdg94hBcR+hlhHq7Y1s6FVuNtDd:dRCBS2np+wPdg9wBjnHi8wtDCgOitJhl

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @DF_steal

  • C2

    185.213.209.36:36533

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks