General

  • Target

    JaffaCakes118_e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a

  • Size

    734.3MB

  • Sample

    241224-n2vl7axkbk

  • MD5

    52df2a39819f3488060a76b5b480e7b2

  • SHA1

    06aaec51456db541cd461a4f9569191c2dac9b70

  • SHA256

    e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a

  • SHA512

    a53753d209ccb4104700e13fd39715868b0e47bf4704ae1570b9f4e85d9d5a212f5a81d310ab7f014ae79da076ef996346f67c61961e9a41730ca538b34c629a

  • SSDEEP

    1536:wS44cISk+2GlV12JrNKAC5rSW7sM/yExKGvS/VMcYzthOij0u2p9/0jAeqgDKXOV:wHMXc71CNRGmwzdguO9/QfK+yQesOO

Malware Config

Extracted

Family

redline

Botnet

5967465505_99

C2

cocomarket.win:3306

cocomarket.win:28786

Attributes

  • auth_value

    2973451d1614a2e782ae153fbce2b56b

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15