General

  • Target

    2d50222f6b702083c73d10e94eaaef9f_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241009-je8s3sydpf

  • MD5

    2d50222f6b702083c73d10e94eaaef9f

  • SHA1

    dcce81eecbb46ef3963c8b4ad30f2ec3b14d2056

  • SHA256

    80752bd3e74c165e9c88fee2b806b67641f6cdae222d4ef9f5bc433f8501e767

  • SHA512

    10482897831ef7cf9ffc117e41e876c212f26c2f6cc4a8e089ee3990f64dde296d4d3c5fa5bcdab9c4f01ce71a4f864d43876c6f23f5fd2f64f97e66a50dcdfa

  • SSDEEP

    24576:rRzS4127aD0WEjwizMRjgynPEeyTYQ/MuRJNObPztSC:I412GD0WEkihNYQZBObn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rich

  • C2

    95.217.248.44:11695

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
