Resubmissions

12-10-2024 13:12

241012-qfs8casbrd 10

12-10-2024 10:25

241012-mgakvazgmk 10

General

  • Target

    39856fa61381fd0ec1b7a87f53dfe510_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241012-mgakvazgmk

  • MD5

    39856fa61381fd0ec1b7a87f53dfe510

  • SHA1

    74bcded6eadc3ccd978ca1140c064dfc511e9b88

  • SHA256

    0bd0a942b2e56887a21b9e6cd27f97319183a69b01d2927325b9d55b8132d28a

  • SHA512

    c91bfc8e6d346c3737ad936601b977722d013ee05dbd526c20da4d000d26026f1edbac323bb3dedc8d0326a16409d4e29fbc1cbea6014cc2e3818d0d274161c3

  • SSDEEP

    49152:fjcF7uFuLANL1ChIIqqJe3+GlGMGR7PeXCtfS1a:b8+5RidqnlcGX3

Malware Config

Extracted

Family

redline

Botnet

@dirtybast4rd

C2

185.183.32.195:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks