General

  • Target

    JaffaCakes118_c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f

  • Size

    800.0MB

  • Sample

    241223-x1swmsykfr

  • MD5

    859bc7b08d641bd37b35884ba21fc3a3

  • SHA1

    bf5877193e13cb79ddb629d93159e0a486df3f7f

  • SHA256

    c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f

  • SHA512

    cc9135e116165dd6226c80fdb982f2aa30317fa99b4c59c5c1060a1e833b0a41b3cf3f2d873fe8e1b72866fc50a5f09666794a2636910647061ef1e40df6720f

  • SSDEEP

    1536:+iWKpPPCaSjY1WUWTD+8zoJKs7W4g1ruZ6g+UKzyjJN7rYCI+oyfBGBn3f74bcgn:hWKpP/wr0fSBzgyQ3CIekyA1

Malware Config

Extracted

Family

redline

Botnet

@NekoChan815

C2

45.15.157.131:36457

Attributes
  • auth_value

    27e91af9bac7df060a7c43fed05eded6

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15