General

  • Target

    3d5508a2345086e2d9be329bccc75924_JaffaCakes118

  • Size

    503KB

  • Sample

    241013-c31n2svemf

  • MD5

    3d5508a2345086e2d9be329bccc75924

  • SHA1

    f5a9e271c6ce4185f4106e2206fa84ce931fd213

  • SHA256

    b5964152ba2408fe8352458c9d157dd55ffcb8756aeedeeaae4bee7c6edea6b1

  • SHA512

    8fe6fef76fb684694c93e6fff70ad4d5881b63e8811333307ca185fbc2033e4cd4358bb8365d95c42d273f899ebf274ea2ec4bbc22db7da06b7a710d27fc8e7e

  • SSDEEP

    12288:wTjBS95gBBgQPoA/3wZsXpWvg6ce2bWPSwTW0ArNQtsdLHKtYwwyn4rQU6:V56gQw3sXpW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @zxcAsta

  • C2

    92.119.113.189:21746

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks