General

  • Target

    362fdb2e05006cd91ae2d090179b4642_JaffaCakes118

  • Size

    373KB

  • Sample

    241011-w1xzxs1ern

  • MD5

    362fdb2e05006cd91ae2d090179b4642

  • SHA1

    b369e9475eea2e950112592944df5f2b88468fb9

  • SHA256

    574e22b44f2b1a0af1e8344a2e674d62c246287fa41c9ee3725120bc329a8a89

  • SHA512

    03b049d1214d55e0f8c64b617a8ad04c4aed8a4d97a4bb141c8165fb4d77253291c599f949789b88b6c95fee0a84b4d88b4073e5526269a80dfb57aaab46adff

  • SSDEEP

    6144:YoJy3BwMMp7pjyp1UpjomkaKL0l7aRHeh/IpxA3q+/spImOc8ghwBmVea0lHC7aZ:5Lpj+Fmkz9ehQQ6sspImOc8owba0lRdf

Malware Config

Extracted

Family

redline

Botnet

Ninja0809

C2

185.92.73.140:80
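The extracted configuration and the file hashes are the indicators a responder actually acts on. The Python below is an added example (not part of the sandbox report) that turns them into two checks: an exact multi-digest match against the report's hash set, and a search of firewall/proxy log lines for connections to the C2 endpoint. The `key=value` log format and the log lines themselves are constructed for the example; the last line is a deliberate near miss (185.92.73.14) to show why the destination has to be compared as a whole field rather than by substring.

```python
"""Turn the report's indicators into two checks: file-hash match and
C2 connection search over log lines. Added example, not from the report."""
import hashlib
import re

# Indicators as published in the report above.
REPORT_HASHES = {
    "md5": "362fdb2e05006cd91ae2d090179b4642",
    "sha1": "b369e9475eea2e950112592944df5f2b88468fb9",
    "sha256": "574e22b44f2b1a0af1e8344a2e674d62c246287fa41c9ee3725120bc329a8a89",
    "sha512": "03b049d1214d55e0f8c64b617a8ad04c4aed8a4d97a4bb141c8165fb4d77253291c599f949789b88b6c95fee0a84b4d88b4073e5526269a80dfb57aaab46adff",
}
C2_HOST, C2_PORT = "185.92.73.140", 80


def hash_bytes(data):
    """All four digests of an in-memory blob, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, read once in chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """Exact match on every digest. The SSDEEP value is a fuzzy hash and is
    not compared here (it needs the ssdeep library and a similarity threshold)."""
    return all(digests[name] == value for name, value in REPORT_HASHES.items())


# Constructed firewall log lines in a key=value style; not from the report.
# The last line is a near miss (185.92.73.14) that a substring search would flag.
LOG_LINES = [
    "2024-10-11T09:14:02Z host=WS-17 proto=tcp src=10.0.4.21:50112 dst=185.92.73.140:80 action=allow",
    "2024-10-11T09:14:03Z host=WS-17 proto=tcp src=10.0.4.21:50113 dst=198.51.100.23:443 action=allow",
    "2024-10-11T09:15:40Z host=WS-22 proto=tcp src=10.0.4.40:49822 dst=185.92.73.140:80 action=deny",
    "2024-10-11T09:16:01Z host=WS-22 proto=tcp src=10.0.4.40:49823 dst=185.92.73.14:80 action=allow",
]

DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")
HOST_RE = re.compile(r"\bhost=(\S+)")


def c2_hits(lines, host=C2_HOST, port=C2_PORT):
    """(reporting host, line) for each line whose destination is exactly host:port.
    The destination is parsed as a field and compared whole, so 185.92.73.14
    does not match 185.92.73.140."""
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if m and m.group(1) == host and int(m.group(2)) == port:
            h = HOST_RE.search(line)
            hits.append((h.group(1) if h else None, line))
    return hits


if __name__ == "__main__":
    for host, line in c2_hits(LOG_LINES):
        print("C2 contact from", host, "->", line)
    print("empty blob matches report:", matches_report(hash_bytes(b"")))
```

Note that a "deny" line is still a hit: a blocked connection attempt to the C2 means the host already runs the stealer, so the action field is reported rather than filtered on.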

Targets

    • Target

      362fdb2e05006cd91ae2d090179b4642_JaffaCakes118

    • Size

      373KB

    • MD5

      362fdb2e05006cd91ae2d090179b4642

    • SHA1

      b369e9475eea2e950112592944df5f2b88468fb9

    • SHA256

      574e22b44f2b1a0af1e8344a2e674d62c246287fa41c9ee3725120bc329a8a89

    • SHA512

      03b049d1214d55e0f8c64b617a8ad04c4aed8a4d97a4bb141c8165fb4d77253291c599f949789b88b6c95fee0a84b4d88b4073e5526269a80dfb57aaab46adff

    • SSDEEP

      6144:YoJy3BwMMp7pjyp1UpjomkaKL0l7aRHeh/IpxA3q+/spImOc8ghwBmVea0lHC7aZ:5Lpj+Fmkz9ehQQ6sspImOc8owba0lRdf

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's saved register state. In process hollowing (RunPE) the injector starts a host process suspended, writes its own payload into that process, points the main thread's entry register at the payload with SetThreadContext and then resumes the thread. Debuggers call the same API legitimately, so this signature is a heuristic that gains weight from the surrounding call sequence, not a verdict on its own.
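The signature names above record behaviour the sandbox observed, not how to find it in your own telemetry. The Python below is an added example (not part of the report) that reconstructs the hollowing sequence behind the SetThreadContext signature from a per-process API-call trace: a child created with CREATE_SUSPENDED, written to by its parent, given a new thread context and then resumed. The trace format (`key=value` lines carrying `pid`, `api`, `flags`, `child_pid` and `target_pid`) and the three scenarios in it are constructed for the example; a debugger-style CreateProcess/SetThreadContext/ResumeThread with no write is included so the detection does not fire on it.

```python
"""Flag the process-hollowing (RunPE) call sequence behind the
"Suspicious use of SetThreadContext" signature in a per-process API trace.
Added example; the trace format and every line in it are constructed."""
import re

CREATE_SUSPENDED = 0x00000004            # dwCreationFlags bit
REQUIRED_BEFORE_RESUME = {"WriteProcessMemory", "SetThreadContext"}

KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed trace, three scenarios:
#   4120 -> 4132: create suspended, unmap, alloc, write, set context, resume (hollowing)
#   5000 -> 5012: create suspended under debug, set context, resume, no write (debugger)
#   6000 -> 6010: normal create, later write (not a hollowing sequence)
TRACE = [
    "ts=1 pid=4120 api=CreateProcessW image=C:\\host\\a.exe flags=0x00000004 child_pid=4132",
    "ts=2 pid=4120 api=NtUnmapViewOfSection target_pid=4132",
    "ts=3 pid=4120 api=VirtualAllocEx target_pid=4132 size=0x5c000",
    "ts=4 pid=4120 api=WriteProcessMemory target_pid=4132 size=0x400",
    "ts=5 pid=4120 api=WriteProcessMemory target_pid=4132 size=0x5b000",
    "ts=6 pid=4120 api=SetThreadContext target_pid=4132",
    "ts=7 pid=4120 api=ResumeThread target_pid=4132",
    "ts=8 pid=5000 api=CreateProcessW image=C:\\dev\\app.exe flags=0x00000006 child_pid=5012",
    "ts=9 pid=5000 api=SetThreadContext target_pid=5012",
    "ts=10 pid=5000 api=ResumeThread target_pid=5012",
    "ts=11 pid=6000 api=CreateProcessW image=C:\\dev\\tool.exe flags=0x00000000 child_pid=6010",
    "ts=12 pid=6000 api=WriteProcessMemory target_pid=6010 size=0x100",
]


def parse(line):
    """key=value line -> dict of string fields."""
    return dict(KV_RE.findall(line))


def find_hollowing(trace_lines):
    """Return (injector_pid, child_pid, apis_seen) for every child that the same
    parent created suspended, wrote into, re-pointed with SetThreadContext and
    then resumed. Order between the write and the context change is not
    enforced; both must precede ResumeThread. A suspended child that is resumed
    without a write (debugger behaviour) is dropped silently."""
    suspended = {}   # (injector_pid, child_pid) -> set of APIs called on the child
    hits = []
    for line in trace_lines:
        ev = parse(line)
        pid, api = ev.get("pid"), ev.get("api", "")
        if api.startswith("CreateProcess"):
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[(pid, ev["child_pid"])] = set()
            continue
        key = (pid, ev.get("target_pid"))
        seen = suspended.get(key)
        if seen is None:
            continue                      # child not created suspended by this pid
        if api == "ResumeThread":
            if REQUIRED_BEFORE_RESUME <= seen:
                hits.append((pid, key[1], sorted(seen)))
            del suspended[key]            # sequence closed either way
        else:
            seen.add(api)
    return hits


if __name__ == "__main__":
    for injector, child, apis in find_hollowing(TRACE):
        print(f"pid {injector} hollowed pid {child} via {', '.join(apis)}")
```

The state is keyed on (parent, child) so that a parent writing into a process it did not create suspended, or a different process touching the suspended child, never completes the sequence; in real telemetry you would key on the handle or on the thread whose context was set rather than the target pid.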

MITRE ATT&CK Enterprise v15

Tasks