General

  • Target

    0f843dd136945a362283fcec9967d6c7_JaffaCakes118

  • Size

    133KB

  • Sample

    241003-thhfeatfjk

  • MD5

    0f843dd136945a362283fcec9967d6c7

  • SHA1

    789fb2bb3695129b3030c31856c5e832aaf9393d

  • SHA256

    c05c747f0cd5f83b91014059a784d2558dbd5df4a4c3f32bfd0cf22d50b8b784

  • SHA512

    fa8d1823d1503b44fbb19311bcf31c1804e6b6e15048b8fda8dd7548bc388d6abfcaef89715528fd5b6f383d3bc8e8ecd9e5893ee0e0200be92d658b604f50c0

  • SSDEEP

    3072:yALhMGzAlkpKcsdvM1bdQ4n78iJzlZzB2KMsiUU:yealTdK/8itB2eU

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @lMinoryl

  • C2

    77.83.175.99:4235

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
