General

  • Target: 2b627b331cbc29aa992dad4ff472b838_JaffaCakes118
  • Size: 1.1MB
  • Sample: 241009-fr1rfsvfng
  • MD5: 2b627b331cbc29aa992dad4ff472b838
  • SHA1: a2314a9977ce8fa7d1d879c00fcbed255f4bfd79
  • SHA256: 168da325b7ac76ba8d7e945cd9857df577fc1f88babb632e7957624fa9ede59c
  • SHA512: 724941bdbdd4aa6f27513eed386fd84112fec996d76b4d613fa5483d798e5097390ac3e07ddbf3a0c68c4cefb408b2eb0b868ba8003278048afd2374ebe978ce
  • SSDEEP: 24576:SSC6dMVJDVbNifdYTv6HpYhLuFQpW3oYU4m/a3pLyleTU7gYjZ:G6aVLTv6r2pWYt4kahseIn

Malware Config

Extracted

  • Family: redline
  • Botnet: 1393568129
  • C2: salanoajalio.xyz:80

Targets

    • Target: 2b627b331cbc29aa992dad4ff472b838_JaffaCakes118

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks