General

  • Target

    af2395e569399b59d279ba82d42e3029_JaffaCakes118

  • Size

    120KB

  • Sample

    241129-f121waxpgt

  • MD5

    af2395e569399b59d279ba82d42e3029

  • SHA1

    804ded213b662b2d598f5dbcc95cb82d04d19dfb

  • SHA256

    18173b6f31b6a2cd15cf02670e0de40f2ec1814fe1d514b414741c360697ebd0

  • SHA512

    f9d508aefc33e059664f200b91088d9ba752f7bde100f6df143fb3896f6ae76bef5dc36dbb8bf5a5de752e14fbdcff21d5754273458d5208e137d88991689cdc

  • SSDEEP

    3072:CgQ0RQozQXo6W66/WInFsvtr0J+C4+zuhC6agueoHKLPW:CgQ0RQocoa1kuhboHZ

Malware Config

  • Extracted

  • Family

    redline

  • Botnet

    @qqqqqry

  • C2

    45.14.12.90:52072

Targets

    • Target

      af2395e569399b59d279ba82d42e3029_JaffaCakes118

    • Size

      120KB

    • MD5

      af2395e569399b59d279ba82d42e3029

    • SHA1

      804ded213b662b2d598f5dbcc95cb82d04d19dfb

    • SHA256

      18173b6f31b6a2cd15cf02670e0de40f2ec1814fe1d514b414741c360697ebd0

    • SHA512

      f9d508aefc33e059664f200b91088d9ba752f7bde100f6df143fb3896f6ae76bef5dc36dbb8bf5a5de752e14fbdcff21d5754273458d5208e137d88991689cdc

    • SSDEEP

      3072:CgQ0RQozQXo6W66/WInFsvtr0J+C4+zuhC6agueoHKLPW:CgQ0RQocoa1kuhboHZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks