Overview

overview

10

Static

static

1

433afb5498...18.exe

windows7-x64

3

433afb5498...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    433afb5498a42e06d92bf2bc2c35db8d_JaffaCakes118

  • Size

    123KB

  • Sample

    241014-vhm7bswaph

  • MD5

    433afb5498a42e06d92bf2bc2c35db8d

  • SHA1

    4620ca558bdb8bc389f4d8cab3f28e1d835525a0

  • SHA256

    79c2bb839f226933a2e9385ede840b1538e10e5e73bc2b1f717bf088476bb3b3

  • SHA512

    3f59adae36af8a9d27f835d6a93c5d406eec39bd6011a4a295eff99f2c52d920776339c630623c6757e4d3eff7ddaac182716ffd37b7adb1106c3b59a2f80498

  • SSDEEP

    3072:3Gajy/mpvCNRSYZm5UTQMHFnz39Xj0apbsSb:31vILqUTQMH/Xj0oV

Score
10/10
redlinesectopratdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

C2

136.243.179.78:23621

Targets

    • Target

      433afb5498a42e06d92bf2bc2c35db8d_JaffaCakes118

    • Size

      123KB

    • MD5

      433afb5498a42e06d92bf2bc2c35db8d

    • SHA1

      4620ca558bdb8bc389f4d8cab3f28e1d835525a0

    • SHA256

      79c2bb839f226933a2e9385ede840b1538e10e5e73bc2b1f717bf088476bb3b3

    • SHA512

      3f59adae36af8a9d27f835d6a93c5d406eec39bd6011a4a295eff99f2c52d920776339c630623c6757e4d3eff7ddaac182716ffd37b7adb1106c3b59a2f80498

    • SSDEEP

      3072:3Gajy/mpvCNRSYZm5UTQMHFnz39Xj0apbsSb:31vILqUTQMH/Xj0oV

    Score
    10/10
    discoveryredlinesectopratinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks