Overview

overview

10

Static

static

3

a2f64e0612...18.exe

windows7-x64

10

a2f64e0612...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2f64e0612a68cc5468b83d1a73e6d89_JaffaCakes118

  • Size

    495KB

  • Sample

    241126-tyc6mavqfl

  • MD5

    a2f64e0612a68cc5468b83d1a73e6d89

  • SHA1

    bbe81bac6f9091baf585c652cfcf035d0aa0776d

  • SHA256

    054daae4706ac51f848c824c4894353b6bf043e2bb93c97126eac80599b61d8e

  • SHA512

    e839d369b964c2dd83c55464952f9a0de91a44fe738edf29bd8e7105bee7f38883012735a24eb31913d280189339f87dfdcd37248a30b96edc0e3af2212029a9

  • SSDEEP

    12288:FMJJLMP5my93Yx0CUKrg3gmCMoVRDPgSCK2tR91qRvTOJpUKbrIKAlsLbEyh8FVx:FMJJwTY3lMQmCMorbCK81

Score
10/10
redlinesectoprat@f1gasebediscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@F1gaSebe

C2

92.119.113.189:21746

Targets

    • Target

      a2f64e0612a68cc5468b83d1a73e6d89_JaffaCakes118

    • Size

      495KB

    • MD5

      a2f64e0612a68cc5468b83d1a73e6d89

    • SHA1

      bbe81bac6f9091baf585c652cfcf035d0aa0776d

    • SHA256

      054daae4706ac51f848c824c4894353b6bf043e2bb93c97126eac80599b61d8e

    • SHA512

      e839d369b964c2dd83c55464952f9a0de91a44fe738edf29bd8e7105bee7f38883012735a24eb31913d280189339f87dfdcd37248a30b96edc0e3af2212029a9

    • SSDEEP

      12288:FMJJLMP5my93Yx0CUKrg3gmCMoVRDPgSCK2tR91qRvTOJpUKbrIKAlsLbEyh8FVx:FMJJwTY3lMQmCMorbCK81

    Score
    10/10
    redlinesectoprat@f1gasebediscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks