General

  • Target

    03f971bea4f2c17b399df1edcfb8e787_JaffaCakes118

  • Size

    240KB

  • Sample

    241001-cfb26svgql

  • MD5

    03f971bea4f2c17b399df1edcfb8e787

  • SHA1

    8d141929eb64ecf5ded0d5a72844223a13259f8a

  • SHA256

    59d2a7edd511d5ff4a7e84657d1cc60769536f81feff6e0c684b7af5388b3ca2

  • SHA512

    e76ff3d870c1a1d4ffa03602bf86964510c4944033ec7ad97b4143052c3f4b7742b783fc5c5360f5840b30da29620989d7167e55c30ebc0dc6087b8c886ed61b

  • SSDEEP

    6144:n17ollAxkSW6uT7e0z3rUVJ+noOJQD4t8DWooOy:17o/AxC6uveknoOltwWX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    PUB

  • C2

    45.9.20.20:13441

Targets

    • Target

      03f971bea4f2c17b399df1edcfb8e787_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks