Overview

overview

10

Static

static

3

b3e71b5e97...18.exe

windows7-x64

10

b3e71b5e97...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3e71b5e973a42dc9f297f79377165b7_JaffaCakes118

  • Size

    804KB

  • Sample

    241129-2skbravmgk

  • MD5

    b3e71b5e973a42dc9f297f79377165b7

  • SHA1

    a084d94b800a490f40852a42141fa8d56a7cb668

  • SHA256

    dd8accb35c4d3064543686f1f697b9e5eb4195fbefecef6f53e032ef2bd4395e

  • SHA512

    a115f1d1dd61ed78e60d519eea0558daf1ed37a05b5166915c5a317feec2c51eb0de8c0d1eefe19bae4e3090314090a3e28003a317aa503a640ed9e7db5cd6be

  • SSDEEP

    24576:MAYpW5I/8hFPJxKLxyEjI/2F69xgyd86:bFPJM0qDFmgyK

Score
10/10
redlinesectopratdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

C2

newlife957.duckdns.org:7225

Targets

    • Target

      b3e71b5e973a42dc9f297f79377165b7_JaffaCakes118

    • Size

      804KB

    • MD5

      b3e71b5e973a42dc9f297f79377165b7

    • SHA1

      a084d94b800a490f40852a42141fa8d56a7cb668

    • SHA256

      dd8accb35c4d3064543686f1f697b9e5eb4195fbefecef6f53e032ef2bd4395e

    • SHA512

      a115f1d1dd61ed78e60d519eea0558daf1ed37a05b5166915c5a317feec2c51eb0de8c0d1eefe19bae4e3090314090a3e28003a317aa503a640ed9e7db5cd6be

    • SSDEEP

      24576:MAYpW5I/8hFPJxKLxyEjI/2F69xgyd86:bFPJM0qDFmgyK

    Score
    10/10
    redlinesectopratdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks