General

  • Target

    JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc

  • Size

    850.0MB

  • Sample

    241223-sjwhzssqgs

  • MD5

    eedf2268c033279cf00fa631bd1c204b

  • SHA1

    6605403929c2e1c5813e7f29a7e21c2f6f6405ad

  • SHA256

    0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc

  • SHA512

    d1726824e1845b47ddc64582bfb6f29dbe482686b427fe616cc9ac9d5c2108425af8808303a4ef17489e25879e2c41174589b1d9a2f5dfe3dba10f073360cb40

  • SSDEEP

    98304:wE5lkJFhxG6/tIKBDBG9+svXMWRsrF2WKfFqm8X:z5lOhnWK9oIrcWK92

Malware Config

Extracted

Family

redline

Botnet

me

C2

92.119.112.239:28769

Attributes
  • auth_value

    0b41ed1bdf04c7505d47398771081370
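
The extracted config above is only useful once it is turned into something a detection pipeline can consume. The following is an added example (not part of the sandbox report, and not the sandbox's own tooling) that copies the report's hashes and RedLine config into a small Python script, sanity-checks them before they go into a blocklist, emits a Suricata rule for the C2 socket, and runs the C2 indicator over a few constructed Zeek conn.log-style lines. The log lines, the SID value and the `$HOME_NET` variable are assumptions for illustration.

```python
"""Indicators from the RedLine report above, with checks and a detection run.

Added example; not part of the sandbox report. Log lines are constructed.
"""
import re

# Values copied verbatim from the report.
REPORT = {
    "target": "JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc",
    "md5": "eedf2268c033279cf00fa631bd1c204b",
    "sha1": "6605403929c2e1c5813e7f29a7e21c2f6f6405ad",
    "sha256": "0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc",
    "family": "redline",
    "botnet": "me",
    "c2": "92.119.112.239:28769",
    "auth_value": "0b41ed1bdf04c7505d47398771081370",
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def validate_report(report: dict) -> list[str]:
    """Return a list of problems; empty means the values are safe to copy into a blocklist.
    Checks: hashes are lowercase hex of the right length, the target filename's suffix
    matches the SHA256 field ('JaffaCakes118_' is just the submitting feed's naming
    convention), and the C2 port is a valid TCP port."""
    problems = []
    for name, length in HEX_LENGTHS.items():
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", report[name]):
            problems.append(f"{name} is not {length} lowercase hex chars")
    if not report["target"].endswith(report["sha256"]):
        problems.append("target name does not end with the SHA256 field")
    _, port = c2_tuple(report)
    if not 1 <= port <= 65535:
        problems.append("C2 port out of range")
    return problems


def c2_tuple(report: dict) -> tuple[str, int]:
    """Split 'host:port' from the config into (host, port)."""
    host, _, port = report["c2"].rpartition(":")
    return host, int(port)


def suricata_rule(report: dict, sid: int) -> str:
    """Build a Suricata rule for outbound connections to the extracted C2 socket.
    The sid is an assumption; pick one from your local range."""
    host, port = c2_tuple(report)
    msg = f"{report['family']} C2 connection (botnet {report['botnet']})"
    return (
        f'alert tcp $HOME_NET any -> {host} {port} (msg:"{msg}"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed Zeek conn.log-style lines (tab-separated):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1703330000.12\tC1a\t10.0.0.15\t49712\t142.250.74.46\t443\ttcp
1703330003.55\tC1b\t10.0.0.15\t49720\t92.119.112.239\t28769\ttcp
1703330004.01\tC1c\t10.0.0.22\t51000\t92.119.112.239\t80\ttcp
1703330009.90\tC1d\t10.0.0.15\t49731\t92.119.112.239\t28769\ttcp
"""


def find_c2_hits(conn_log: str, report: dict) -> list[dict]:
    """Return connections whose responder host:port equals the extracted C2.
    The port is matched deliberately: RedLine talks to a dedicated port, and
    other traffic to the same IP (line C1c) is not evidence of this infection."""
    host, port = c2_tuple(report)
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h == host and int(resp_p) == port:
            hits.append({"ts": float(ts), "uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}"})
    return hits


if __name__ == "__main__":
    print("report problems:", validate_report(REPORT) or "none")
    print(suricata_rule(REPORT, 1000001))
    for hit in find_c2_hits(CONN_LOG, REPORT):
        print("C2 hit:", hit)
```

Two caveats when using these indicators. The IP:port pair is the most perishable part of a RedLine config; builds are re-pointed at new infrastructure far more often than the auth_value or botnet name change, so treat the network rule as short-lived and keep the hashes and the extracted config as the durable record. Second, the 850.0MB file size is orders of magnitude larger than any RedLine build; padding of this kind is commonly used to stay above AV and upload size limits, so the hashes above still block the file but size-based filtering will not.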

Targets

    • Target

      JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc

    • Size

      850.0MB

    • MD5

      eedf2268c033279cf00fa631bd1c204b

    • SHA1

      6605403929c2e1c5813e7f29a7e21c2f6f6405ad

    • SHA256

      0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc

    • SHA512

      d1726824e1845b47ddc64582bfb6f29dbe482686b427fe616cc9ac9d5c2108425af8808303a4ef17489e25879e2c41174589b1d9a2f5dfe3dba10f073360cb40

    • SSDEEP

      98304:wE5lkJFhxG6/tIKBDBG9+svXMWRsrF2WKfFqm8X:z5lOhnWK9oIrcWK92

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext
