General

  • Target

    01a34dc1250bd19e26f21a80d06c0a63_JaffaCakes118

  • Size

    408KB

  • Sample

    240930-q1zwmasdrg

  • MD5

    01a34dc1250bd19e26f21a80d06c0a63

  • SHA1

    0848970ff0dae004c236b85876e230722a2e1d74

  • SHA256

    56edf92eb332895c4a1cb6430d8a636d8fe3b14ee751768edbb09cfe4407f408

  • SHA512

    be12c39e80e525dcc5d0d909cd93e4566059220b0e962972092dc908e80b70d67f4d9de5794a01301aabe615b52ff738a323ed1f22120162ea038586d1519a4f

  • SSDEEP

    6144:MSF2LL4EwvJRtF3qtntovUHkaN4yDcYz6RM9AoNvapJzNe6vJ7xdD9nBSrka:oRwXKntxHuiL1apB/vJ7xDBSIa

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @keynejkee

  • C2

    164.132.72.186:18717

Targets

    • Target

      01a34dc1250bd19e26f21a80d06c0a63_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15