General

  • Target

    JaffaCakes118_75d343402314f90b697908cdbc8d34c0f0c22348ba218a01466af92ff754db47

  • Size

    714.0MB

  • Sample

    241224-3fl59a1kaq

  • MD5

    875aec5a2c9e3e850e922570a2239080

  • SHA1

    c6c39d29f88e88b582507336a3567c660259f724

  • SHA256

    75d343402314f90b697908cdbc8d34c0f0c22348ba218a01466af92ff754db47

  • SHA512

    517423303e09626a80fea90f2dfd6e8941f77154b3bb4db0bd6aae4269ee32eabaacb47ac4a2b46f67c8a5301940d12ef19c25520319d66dab8a21421fe07917

  • SSDEEP

    6144:X8KNYtfAZQn6mNf8DXjeCAOKI8QKZZ18k8ui5XwwT1:X7YfAZQn6pQIJcZ1TXM3T1

Malware Config

Extracted

Family

redline

Botnet

5799166626_99

C2

krimeaboom.xyz:28786

Attributes
  • auth_value

    511183fc8a55d2a94b4bf80b68e98d08
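The hashes and the extracted C2 above are the indicators a responder would actually use. The following script is an added example, not part of the sandbox report or of any tool it runs: it hashes a file in one streaming pass (a 714 MB sample should not be read into memory whole), compares the digests with the MD5/SHA1/SHA256/SHA512 values listed in this report, and scans log lines for the extracted C2 host and port. The function names (`hash_file`, `match_hashes`, `parse_c2`, `find_c2_hits`) and the log lines are this example's own constructions; the IOC values are copied from the report.

```python
"""IOC check built from the RedLine report above (added example, not report code)."""
import hashlib
import re
import tempfile

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "875aec5a2c9e3e850e922570a2239080",
    "sha1": "c6c39d29f88e88b582507336a3567c660259f724",
    "sha256": "75d343402314f90b697908cdbc8d34c0f0c22348ba218a01466af92ff754db47",
    "sha512": "517423303e09626a80fea90f2dfd6e8941f77154b3bb4db0bd6aae4269ee32ea"
              "baacb47ac4a2b46f67c8a5301940d12ef19c25520319d66dab8a21421fe07917",
}
REPORT_C2 = "krimeaboom.xyz:28786"

# Constructed log lines for illustration only; they are not from the report.
CONSTRUCTED_LOGS = [
    "2024-12-24T03:41:07Z dns query A krimeaboom.xyz from 10.0.0.12",
    "2024-12-24T03:41:08Z proxy CONNECT KRIMEABOOM.XYZ:28786 from 10.0.0.12",
    "2024-12-24T03:42:00Z dns query A example.com from 10.0.0.13",
    "2024-12-24T03:42:05Z dns query A notkrimeaboom.xyz from 10.0.0.14",
]


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for the file, reading it once in chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests, expected=REPORT_HASHES):
    """Return the sorted names of algorithms whose digest equals the report value."""
    return sorted(name for name, value in digests.items()
                  if expected.get(name, "").lower() == value.lower())


def parse_c2(c2):
    """Split the extracted 'host:port' string into (lowercase host, int port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def find_c2_hits(lines, c2=REPORT_C2):
    """Return [(1-based line number, port_seen)] for lines naming the C2 host.

    The host is matched as a whole token (so 'notkrimeaboom.xyz' does not hit);
    port_seen is True only when the report's port follows the host.
    """
    host, port = parse_c2(c2)
    pattern = re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?::(\d+))?(?![\w.-])",
                         re.IGNORECASE)
    hits = []
    for number, line in enumerate(lines, start=1):
        m = pattern.search(line)
        if m:
            hits.append((number, m.group(1) == str(port)))
    return hits


if __name__ == "__main__":
    # Hash a constructed file (not the sample) to show the streaming path.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed placeholder content\n" * 1000)
    digests = hash_file(tmp.name)
    print("matches report:", match_hashes(digests) or "none")
    print("C2 hits:", find_c2_hits(CONSTRUCTED_LOGS))
```

Run it against a real file by calling `hash_file` on its path; a non-empty list from `match_hashes` means the file is byte-identical to the submitted sample. DNS logs carry only the host, so `port_seen` distinguishes a lookup from an actual connection to the listed port.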

Targets

    • Target

      JaffaCakes118_75d343402314f90b697908cdbc8d34c0f0c22348ba218a01466af92ff754db47

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext (the API used to redirect another thread's execution, a common step in process hollowing and other process injection)

MITRE ATT&CK Enterprise v15

Tasks