General

  • Target

    382f5a6a52d175aae0c840ceb98df0bc_JaffaCakes118

  • Size

    323KB

  • Sample

    241012-drhjrszenh

  • MD5

    382f5a6a52d175aae0c840ceb98df0bc

  • SHA1

    cc0aad191db1da254723e4612ddcbb7452e6c4b3

  • SHA256

    d6ad6bc3677768e525dd357486e49576a0b0d97e9cddd93a95f872db7828acf1

  • SHA512

    bc1e4604f90819ba8462be0d2b4f018ab17ff68e81737821a0318d3835f3a3400a7867b626b78d45618a4e7602f49b1a53b6e4af34a7c9d1603f78259ee0f2c0

  • SSDEEP

    6144:3gY9o4nxbuOcyHtcCjsUyOgMNsevsMBy97+orHLwShptn640MJU1UUDkGdOcVbOr:3ng+Nc8JyzwW8y/rHEGP

Malware Config

Extracted

Family

redline

Botnet

prolivchik

C2

89.223.69.149:12104
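The extracted C2 above is the indicator most directly usable for hunting, and the digests in General are what you check before trusting that a file you hold is the same sample. The following Python is an added example, not part of the Triage report: it matches the C2 against constructed connection-log lines (the "ts src:sport -> dst:dport proto" layout is hypothetical) and compares a candidate file's hashes with the reported ones. It reports IP-only hits separately, since the extracted config pins the port and a bare IP match may be shared hosting.

```python
"""Added example (not from the report): match the extracted RedLine C2 against
connection-log lines and verify a candidate file against the report's digests."""
import hashlib
import re

# Indicators copied from the report above.
REDLINE_C2 = ("89.223.69.149", 12104)
REPORT_HASHES = {
    "md5": "382f5a6a52d175aae0c840ceb98df0bc",
    "sha1": "cc0aad191db1da254723e4612ddcbb7452e6c4b3",
    "sha256": "d6ad6bc3677768e525dd357486e49576a0b0d97e9cddd93a95f872db7828acf1",
}

# Constructed sample log in a hypothetical "ts src:sport -> dst:dport proto" layout.
SAMPLE_CONN_LOG = """\
2024-10-12T10:01:03Z 10.0.0.5:49211 -> 142.250.74.46:443 tcp
2024-10-12T10:01:07Z 10.0.0.5:49214 -> 89.223.69.149:12104 tcp
2024-10-12T10:01:09Z 10.0.0.5:49215 -> 89.223.69.149:80 tcp
2024-10-12T10:02:11Z 10.0.0.7:51002 -> 89.223.69.149:12104 tcp
2024-10-12T10:02:30Z 10.0.0.5:49220 -> 1.1.1.1:53 udp
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def find_c2_connections(log_text, c2=REDLINE_C2):
    """Return two lists of (timestamp, source host): exact ip:port hits on the
    extracted C2, and hits on the C2 IP with a different destination port.
    The latter are kept apart because the extracted config fixes the port and
    an IP-only match may be unrelated traffic to shared hosting."""
    exact, ip_only = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the hypothetical layout
        ts, src, _sport, dst, dport, _proto = m.groups()
        if dst == c2[0]:
            (exact if int(dport) == c2[1] else ip_only).append((ts, src))
    return exact, ip_only


def verify_sample(data, expected=REPORT_HASHES):
    """Hash candidate bytes and report, per algorithm, whether the digest
    matches the one in the report. All three must agree for the same file."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == expected[name] for name in expected}


if __name__ == "__main__":
    hits, partial = find_c2_connections(SAMPLE_CONN_LOG)
    print("exact C2 hits:", hits)
    print("IP-only hits:", partial)
    print("hash check on dummy bytes:", verify_sample(b"not the sample"))
```

Run it against a real Zeek or firewall export by adapting `LINE_RE` to that format; the two-list split is the part worth keeping, since a single IP-match rule would have flagged the port-80 line as C2.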

Targets

    • Target

      382f5a6a52d175aae0c840ceb98df0bc_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks