General

  • Target

    JaffaCakes118_a5a83474450554b7da04587cf77f76ec

  • Size

    770.0MB

  • Sample

    241224-mpvwravqem

  • MD5

    a5a83474450554b7da04587cf77f76ec

  • SHA1

    a8a579d8a66f4875df9cbed1a2a6c3392b232853

  • SHA256

    b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2

  • SHA512

    db5c11cab72ccd89de9982c1dd5488e608195f795c5118f31160dab4a01c86d439ca9ddb37212647c38e0eac4d6394d3e47fe9c1e340f1f4cf95856e54624ee5

  • SSDEEP

    12288:anAcUmI0cmsN0C1pXVnljw7zSrmP2LszN2lRjFoC8GJx5v:aY0mygdVlM7zSsWRSCv3R

Malware Config

Extracted

Family

redline

Botnet

word 7

C2

65.21.74.139:20775

Attributes

  • auth_value

    fc283e807b7b9afa9b29c1b782aad551

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks