General

  • Target: 04f8f3d4e4233e1d3b2ff95aa1701132_JaffaCakes118
  • Size: 408KB
  • Sample: 241001-j2brvstaqd
  • MD5: 04f8f3d4e4233e1d3b2ff95aa1701132
  • SHA1: a3238953db79dd18741976dfbce95251ede68700
  • SHA256: 180206edd3f58113ba0129e7f815b38a6675c6f274b82b68df7986e9c6a82715
  • SHA512: 07b8ee0b457b05c5d3b1fa39201770e1c997480d25e2d475cef7822481a91dc6fb20dba909bbd9d79ba11f03c7464a30f3f13c9dae1fad9b76a549b425a71ea8
  • SSDEEP: 6144:CSF2LL4EwvJFtF3qtntovUHkaN4yDcYz6RM9AoNvapJzNe6vJ7xdD9nBSrka:+RwbKntxHuiL1apB/vJ7xDBSIa

Malware Config

Extracted

  • Family: redline
  • Botnet: @keynejkee
  • C2: 164.132.72.186:18717

Targets

    • Target: 04f8f3d4e4233e1d3b2ff95aa1701132_JaffaCakes118
    • Size: 408KB


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
