General

  • Target

    3142a0e2412b7d9b5ccb59594bf2e7dd_JaffaCakes118

  • Size

    362KB

  • Sample

    241010-wtbs4svdkq

  • MD5

    3142a0e2412b7d9b5ccb59594bf2e7dd

  • SHA1

    0d39c3f00a0ce554a7b873ef4cb1af3d1c61dabf

  • SHA256

    2caff8ebc8ec92ba3f6af2da25e8bb81f01be0bb6ec307cf2224cc5e3eb42d79

  • SHA512

    612c75a3ab892d3703fc6731e6f2489fa9f32b1261241194d3f4f54701fe1ded6ecc1b8cb24996516bb66cf69ea29f50fc0d166d47dcdf7b2a68bc13a644a104

  • SSDEEP

    6144:2DpOABhgI3dm2bHSsZWEPX/qSAVLUGJhynoaRZLNGlIe13QIk:2D4Ehh3dZHSsZ3PQQGJhylRrZkk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UTS

  • C2

    45.9.20.20:13441

Targets

    • Target

      3142a0e2412b7d9b5ccb59594bf2e7dd_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks