General

  • Target

    030f2e3da969d7d9e8aa9ef66e382210_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240930-yr82yasgmk

  • MD5

    030f2e3da969d7d9e8aa9ef66e382210

  • SHA1

    40a394d130f14884c3ddca145c06e8e7aa055054

  • SHA256

    84275c2fe866a981cdb9fcca15a524035568eb5d9fa4e8d9159fa32c48fd1425

  • SHA512

    e5273ce6b98be6243a4c4f08c72ae88e13583c0dfe5b6b7010400d8221b72d1875c7e1a9b538257bbd5f753a7ac04d7a3f7b2e86db0f5c6069ed7827fa15489f

  • SSDEEP

    24576:fXjzd7ibgr9TFOeuv42h30ojS3i9aoW+MhW0LwQEwRbH:I0ojS3iIopMhWqwJI

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Lexa4okBTC

  • C2

    45.140.147.31:22127

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15