General

  • Target

    36cfb4ec3719fd6a213c49142afbf770_JaffaCakes118

  • Size

    820KB

  • Sample

    241011-zyhc8sydnk

  • MD5

    36cfb4ec3719fd6a213c49142afbf770

  • SHA1

    57c07af3c4d7289a764ab778182e1452d7c85fd5

  • SHA256

    c6434a502010b50f0ddd34e5ba9f57f2e98ac89670a212ddf74dd761b5a66239

  • SHA512

    05638aa4a26f6702fc162caf2441d1c0750a5b526e34db4e87d6e70053864444606b820e942040551c830938dc1185a58a03ebdf30a25310129ebfef6267d359

  • SSDEEP

    12288:NkuJH9s/luhL65eA1GoCxMWEKYaUrDkbfVKbO/pg3WdP0E+5:4uV813Q

Malware Config

Extracted

Family

redline

Botnet

id8

C2

qutjuvanus.xyz:80

Targets

    • Target

      36cfb4ec3719fd6a213c49142afbf770_JaffaCakes118

    • Size

      820KB

    • MD5

      36cfb4ec3719fd6a213c49142afbf770

    • SHA1

      57c07af3c4d7289a764ab778182e1452d7c85fd5

    • SHA256

      c6434a502010b50f0ddd34e5ba9f57f2e98ac89670a212ddf74dd761b5a66239

    • SHA512

      05638aa4a26f6702fc162caf2441d1c0750a5b526e34db4e87d6e70053864444606b820e942040551c830938dc1185a58a03ebdf30a25310129ebfef6267d359

    • SSDEEP

      12288:NkuJH9s/luhL65eA1GoCxMWEKYaUrDkbfVKbO/pg3WdP0E+5:4uV813Q

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Loaders commonly call it on the main thread of a suspended child process to point execution at injected code before resuming the process (process hollowing / thread hijacking), which is the usual way a packed loader hands control to an in-memory payload such as the ones detected above.
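The indicators above (the file hashes in General/Targets and the extracted C2 under Malware Config) are only useful once they are turned into checks. The following is an added example, not part of the sandbox report or its tooling: it verifies a candidate file against every hash the report lists, sanity-checks that the copied hashes are well formed, and scans proxy/DNS style log lines for the extracted C2 host. The log lines and the "sample" bytes are constructed here so it runs offline; the hash values and the C2 host/port are copied from the report. SSDEEP is left out because it needs the external ssdeep library.

```python
"""Use the sandbox report's indicators locally (added example, not report code).

Assumptions: hashes and C2 host/port are copied from the report above; the
log lines and the candidate file bytes below are constructed for this example.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "36cfb4ec3719fd6a213c49142afbf770",
    "sha1": "57c07af3c4d7289a764ab778182e1452d7c85fd5",
    "sha256": "c6434a502010b50f0ddd34e5ba9f57f2e98ac89670a212ddf74dd761b5a66239",
    "sha512": "05638aa4a26f6702fc162caf2441d1c0750a5b526e34db4e87d6e70053864444"
              "606b820e942040551c830938dc1185a58a03ebdf30a25310129ebfef6267d359",
}
C2_HOST = "qutjuvanus.xyz"
C2_PORT = 80

# Expected hex digest lengths; a copy/paste mistake in an IOC shows up here.
_DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_hashes_well_formed() -> bool:
    """True if every report hash is lowercase hex of the right length."""
    return all(
        len(v) == _DIGEST_LEN[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
        for k, v in REPORT_HASHES.items()
    )


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists for a candidate file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm comparison against the report.

    Returning one result per algorithm rather than a single bool makes a
    partial match (a tampered or mis-copied indicator) visible instead of
    silently collapsing it into "no match".
    """
    computed = file_hashes(data)
    return {alg: computed[alg] == REPORT_HASHES[alg] for alg in REPORT_HASHES}


# Match the C2 host as a whole label sequence (including subdomains) with an
# optional :port, but not as a suffix of another name such as notqutjuvanus.xyz.
_C2_RE = re.compile(
    r"(?:^|[^A-Za-z0-9.-])(?:[A-Za-z0-9-]+\.)*"
    + re.escape(C2_HOST)
    + r"(?::(\d+))?(?![A-Za-z0-9-])",
    re.IGNORECASE,
)


def scan_logs(lines: List[str]) -> List[dict]:
    """Return hits for the C2 host in proxy/DNS style log lines.

    The config says port 80, but a connection to the same host on another
    port is still worth a look, so it is flagged (port_matches_config=False)
    rather than dropped.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = _C2_RE.search(line)
        if m:
            port = int(m.group(1)) if m.group(1) else None
            hits.append({
                "line": n,
                "port": port,
                "port_matches_config": port is None or port == C2_PORT,
                "text": line,
            })
    return hits


# Constructed log lines for this example (not from the report).
SAMPLE_LOGS = [
    "2024-10-11T10:02:13Z dns query A qutjuvanus.xyz from 10.1.4.22",
    "2024-10-11T10:02:14Z proxy 10.1.4.22 CONNECT qutjuvanus.xyz:80 200",
    "2024-10-11T10:02:15Z proxy 10.1.4.22 GET http://example.com/ 200",
    "2024-10-11T10:02:16Z proxy 10.1.4.22 CONNECT qutjuvanus.xyz:443 200",
    "2024-10-11T10:02:17Z dns query A notqutjuvanus.xyz from 10.1.4.23",
]

if __name__ == "__main__":
    print("report hashes well formed:", report_hashes_well_formed())
    # Constructed placeholder bytes; a real check reads the suspect file.
    print("candidate matches report:", match_report(b"not the sample"))
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit["line"], hit["port"], hit["port_matches_config"], hit["text"])
```

To use it on a real artefact, read the suspect file in binary mode and pass the bytes to match_report; feed scan_logs the lines of the proxy or DNS export. The regex deliberately matches subdomains of the C2 host, since stealer operators often rotate hostnames under one domain, while refusing to match the domain as a suffix of an unrelated name.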

MITRE ATT&CK Enterprise v15

Tasks