Resubmissions

  • 13-10-2024 18:55

    241013-xk9jfsseja 10

  • 13-10-2024 18:38

    241013-xahb8a1gpb 10

General

  • Target

    4171f269ee39258b1f57e1b61f1c9ef4_JaffaCakes118

  • Size

    290KB

  • Sample

    241013-xk9jfsseja

  • MD5

    4171f269ee39258b1f57e1b61f1c9ef4

  • SHA1

    87fa0a878fcc87d7baa33b33a1c5a85e343852bb

  • SHA256

    2f0098ea983c398144907bdcf7943f8bb22090fee1a59636cd6414343f5f9739

  • SHA512

    8ecc67f1ef056905c592618ace515f176b4f1fa3a2afec890f0c7d107c5689a1ad979a27dcf647bad2e8e18fecd36effa18a1ba823f1146e8ae70bc549fb52bf

  • SSDEEP

    6144:8vSZYYaKAlpzXP+LByNfRRl/zY/hTYvL0Sk1G:8C+XP+1w9zYWvL0v1G

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @souoy

  • C2

    135.125.40.64:15456

Targets

    • Target

      4171f269ee39258b1f57e1b61f1c9ef4_JaffaCakes118

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks