Overview

overview

10

Static

static

1

ef1ecee377...18.exe

windows7-x64

10

ef1ecee377...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef1ecee3772c052ccac649ef32cbae70_JaffaCakes118

  • Size

    612KB

  • Sample

    241214-rcnzwstqf1

  • MD5

    ef1ecee3772c052ccac649ef32cbae70

  • SHA1

    60bc3d48881283e630bb1d1d18ff462565a334a8

  • SHA256

    be85aa796a2e95776700597643feebe73ff81f6291a8744297d96b65d055de68

  • SHA512

    4f6b92624aea7ba55e1064402a43233c049f24357a299bb7fda2bef00d7063ed211bcd3f8850c865b165be4d178ff7bd817736dbc02349792cd460a71f62c188

  • SSDEEP

    12288:vklLKyvt1685eA1GofkhUHq8LBkjTz8VebO/VWpWdAX:mtIG13DLaX

Score
10/10
redlinesectoprat11_08_bigboydiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

11_08_bigboy

C2

zertypelil.xyz:80

Targets

    • Target

      ef1ecee3772c052ccac649ef32cbae70_JaffaCakes118

    • Size

      612KB

    • MD5

      ef1ecee3772c052ccac649ef32cbae70

    • SHA1

      60bc3d48881283e630bb1d1d18ff462565a334a8

    • SHA256

      be85aa796a2e95776700597643feebe73ff81f6291a8744297d96b65d055de68

    • SHA512

      4f6b92624aea7ba55e1064402a43233c049f24357a299bb7fda2bef00d7063ed211bcd3f8850c865b165be4d178ff7bd817736dbc02349792cd460a71f62c188

    • SSDEEP

      12288:vklLKyvt1685eA1GofkhUHq8LBkjTz8VebO/VWpWdAX:mtIG13DLaX

    Score
    10/10
    redlinesectoprat11_08_bigboydiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks