General

  • Target

    08bbe3c6e05eede66aecff6f708b6ed2_JaffaCakes118

  • Size

    316KB

  • Sample

    241002-ednpaszbkc

  • MD5

    08bbe3c6e05eede66aecff6f708b6ed2

  • SHA1

    3070e95b25b428b40c5e4f2fcf8a1f910ee03b24

  • SHA256

    aeb026ea5a445b6c416a9c9b7d14dc1cf0960fff382f3d090af61c1314413bb5

  • SHA512

    5fc01b5a643d11ea8852c563259511a0543e4f9e77473f1aebeb68cbda49f1d3670777bf2400aa759399673d34697af406e52c2f2232e216f9555df6956ae715

  • SSDEEP

    3072:N8SrkuT/o5SwMbvonnbV59vjbIOPTk8y/vZJv/2Hly+f/Cd5Ow7YWnb886IlnCNl:R//g1Nvy8UvZJX2Fyy6+bWYKlCIwY8

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887
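Added example (not part of the sandbox report): a small Python check that turns the extracted config above and the hashes in the General section into detection logic. The conn.log excerpt it scans is constructed sample data in Zeek-style tab-separated form, and the helper names (`scan_conn_log`, `hash_matches`) are my own; the only values taken from the report are the C2 host:port and the digests.

```python
"""Match the report's IOCs against constructed log lines and a file's digests.

Added example; not code from the sandbox or the report. Assumptions (mine):
the log lines are a constructed Zeek-style conn.log excerpt, and the helper
names are hypothetical.
"""
import hashlib
import ipaddress
from dataclasses import dataclass

# IOCs copied from the report's Malware Config and General sections.
C2_HOST = "185.215.113.114"
C2_PORT = 8887
SAMPLE_HASHES = {
    "md5": "08bbe3c6e05eede66aecff6f708b6ed2",
    "sha1": "3070e95b25b428b40c5e4f2fcf8a1f910ee03b24",
    "sha256": "aeb026ea5a445b6c416a9c9b7d14dc1cf0960fff382f3d090af61c1314413bb5",
}

# Constructed sample log (not real traffic), tab-separated:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1727856001.123\t10.0.0.17\t51234\t185.215.113.114\t8887\ttcp
1727856002.456\t10.0.0.17\t51235\t93.184.216.34\t443\ttcp
1727856003.789\t10.0.0.42\t51236\t185.215.113.114\t80\ttcp
1727856004.001\t10.0.0.42\t51237\t185.215.113.114\t8887\ttcp
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def scan_conn_log(text: str) -> list[Hit]:
    """Flag connections to the extracted C2.

    An exact host:port match is a high-confidence hit. Traffic to the same
    host on another port is still reported, at lower confidence, so an
    analyst can decide whether to pivot on the host alone.
    """
    c2_addr = ipaddress.ip_address(C2_HOST)
    hits: list[Hit] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, _sport, dst, dport, _proto = line.split("\t")
        if ipaddress.ip_address(dst) != c2_addr:
            continue
        port = int(dport)
        reason = "c2 host:port" if port == C2_PORT else "c2 host, other port"
        hits.append(Hit(ts, src, dst, port, reason))
    return hits


def hash_matches(data: bytes) -> dict[str, bool]:
    """Compare a file's MD5/SHA1/SHA256 with the report's digests.

    Returns one boolean per algorithm; a true value for any of them means
    the bytes are the analysed sample (or a collision, for MD5/SHA1).
    """
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport}  [{hit.reason}]")
    print(hash_matches(b"placeholder bytes, not the sample"))
```

Run it as-is to see the three flagged flows from the constructed log; in practice, replace `SAMPLE_CONN_LOG` with a real conn.log export and feed `hash_matches` the bytes of a suspect file.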

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks