General

  • Target

    1fb2f78775ac4be2f8230f035106fd7e_JaffaCakes118

  • Size

    484KB

  • Sample

    241008-fl4wxsteph

  • MD5

    1fb2f78775ac4be2f8230f035106fd7e

  • SHA1

    f61caecd1e22e55d5571653704a88c426746b2db

  • SHA256

    c6231b9200325eb3b9e6527eafed2ce7163a239d25c98a7e2d052cdb4cb76a21

  • SHA512

    abe17cddaa9054c582af0fbdaa3010a873353b1761887e2abe2d8e3a510391ef16f9cb155f1f6a87091f40f31e8aa7a00765b82ac73bb040544d818c6d5eeda2

  • SSDEEP

    12288:Nipy3UiVTARcJ/Ot2FRTPF8bF+anf9pDBL1FpKNn:NirCwUTPF8bVnf9pDLXKNn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    1

  • C2

    95.181.163.3:46303

Targets

    • Target

      1fb2f78775ac4be2f8230f035106fd7e_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks