General
- Target: bc43542f005e7e181e5efcb2ce047654_JaffaCakes118
- Size: 2.3MB
- Sample: 241203-hz6zjsvmbs
- MD5: bc43542f005e7e181e5efcb2ce047654
- SHA1: f6ebceddc551667f82e81c8df64efad4bfe9d367
- SHA256: 37f2d96a016ee990d7e9eb60096de7d949fd69bb53f8ea62aeae2f7026610198
- SHA512: 6e18e6f8c749f163a6cbb1b60daef86e9c08da4138b6cd769ea65cfa385801a848bb950a13848602df75c59c3eaf959e50ef6011cfc8dfc3fe2d86ec74f5be70
- SSDEEP: 49152:H5+hFobqb3KQPiCRFpIfp/au9InDnUQtP+0n/hbxiz8lVHTIioOFZQ+A:H5aFog6cDRPIhajnD5PppbxiqZ7A
Static task: static1
Behavioral task: behavioral1
- Sample: bc43542f005e7e181e5efcb2ce047654_JaffaCakes118.exe
- Resource: win7-20240729-en
Malware Config
- Extracted: redline
- Botnet: @janhidf
- C2: 45.14.12.90:52072
Targets
- Target: bc43542f005e7e181e5efcb2ce047654_JaffaCakes118
- Size: 2.3MB
- MD5: bc43542f005e7e181e5efcb2ce047654
- SHA1: f6ebceddc551667f82e81c8df64efad4bfe9d367
- SHA256: 37f2d96a016ee990d7e9eb60096de7d949fd69bb53f8ea62aeae2f7026610198
- SHA512: 6e18e6f8c749f163a6cbb1b60daef86e9c08da4138b6cd769ea65cfa385801a848bb950a13848602df75c59c3eaf959e50ef6011cfc8dfc3fe2d86ec74f5be70
- SSDEEP: 49152:H5+hFobqb3KQPiCRFpIfp/au9InDnUQtP+0n/hbxiz8lVHTIioOFZQ+A:H5aFog6cDRPIhajnD5PppbxiqZ7A
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL