General

  • Target

    JaffaCakes118_c3ccb3297b24ed6ff2c4ee3386d14851

  • Size

    940.3MB

  • Sample

    241224-qxzrfsynhr

  • MD5

    c3ccb3297b24ed6ff2c4ee3386d14851

  • SHA1

    a64ccaa389721fd638ce7aed9666e52d0ed75743

  • SHA256

    7734bd3afeba5e442e14c2012fdc48699b80130fd0946d584e8e5e63854772fc

  • SHA512

    9be1641803c59ab3cbb85b04f4fc40d8e494349af01edfc4833420a6c2fde2897b46c43cf6aa7c51155d55948a45348b28e3ec7abf93c22771f3632f2e7b4e70

  • SSDEEP

    6144:CMW+SXVyLP7mjFXuxyDG4dIgBZcE/uZIxY+RucWNZTCnMBIw:9W+SXVyLP7mjExyrdIy/zmvcST+Nw

Malware Config

Extracted

Family

redline

Botnet

cryptexx

C2

91.121.90.129:39821

Attributes

  • auth_value

    15606d7ce86d535ab6b25fc8526edeb3
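The extracted config above is only useful once it is in machine-checkable form. The following is an added example, not part of the sandbox report or of any RedLine tooling: it re-embeds the report's hash and C2 fields as a constructed string, validates the hash fields, splits the C2 socket into host and port, emits a Suricata rule for the C2, and checks a file's digests against the report. The Suricata sid and message text are assumptions chosen for illustration.

```python
"""Turn a sandbox report's IOCs into machine-checkable form.

Added example, not part of the report or of any RedLine tooling.
The REPORT_TEXT below is a constructed copy of the report's fields;
the Suricata sid and msg text are assumptions for illustration.
"""
import hashlib
import ipaddress
import re

# Constructed copy of the report's hash fields and "Malware Config".
REPORT_TEXT = """
MD5
c3ccb3297b24ed6ff2c4ee3386d14851
SHA1
a64ccaa389721fd638ce7aed9666e52d0ed75743
SHA256
7734bd3afeba5e442e14c2012fdc48699b80130fd0946d584e8e5e63854772fc
Family
redline
Botnet
cryptexx
C2
91.121.90.129:39821
auth_value
15606d7ce86d535ab6b25fc8526edeb3
"""

# Expected hex-digest lengths; a wrong length usually means a truncated copy-paste.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}
HEX = re.compile(r"^[0-9a-f]+$")


def parse_report(text: str) -> dict:
    """Read the 'Key / value' line pairs and validate the hash and C2 fields."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    fields = dict(zip(lines[0::2], lines[1::2]))
    for key, length in HASH_LEN.items():
        value = fields[key].lower()
        if len(value) != length or not HEX.match(value):
            raise ValueError(f"malformed {key}: {value!r}")
        fields[key] = value
    # rpartition keeps the host intact even if a future report carries IPv6.
    host, _, port = fields["C2"].rpartition(":")
    fields["c2_host"] = str(ipaddress.ip_address(host))  # raises on garbage
    fields["c2_port"] = int(port)
    if not 0 < fields["c2_port"] < 65536:
        raise ValueError(f"bad C2 port: {port}")
    return fields


def suricata_rule(ioc: dict, sid: int = 9000001) -> str:
    """Alert on any outbound TCP connection to the C2 socket (sid is an assumption)."""
    return (
        f'alert tcp $HOME_NET any -> {ioc["c2_host"]} {ioc["c2_port"]} '
        f'(msg:"{ioc["Family"]} C2 {ioc["Botnet"]}"; flow:to_server; '
        f'sid:{sid}; rev:1;)'
    )


def hashes_match(data: bytes, ioc: dict) -> bool:
    """True only if MD5, SHA1 and SHA256 of data all equal the report's values."""
    return all(
        hashlib.new(name.lower(), data).hexdigest() == ioc[name] for name in HASH_LEN
    )


def self_check() -> bool:
    """Positive control: a constructed blob matches an IOC set built from its own digests."""
    blob = b"constructed sample bytes, not the real file"
    ioc = {name: hashlib.new(name.lower(), blob).hexdigest() for name in HASH_LEN}
    return hashes_match(blob, ioc)


if __name__ == "__main__":
    ioc = parse_report(REPORT_TEXT)
    print(suricata_rule(ioc))
    print("file matches report:", hashes_match(b"not the sample", ioc))
```

Run it against the real file by replacing the byte string passed to hashes_match with the file's contents; a False there means the copy on disk is not the object the report describes, so none of the report's behaviour should be attributed to it.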

Targets

    • Target

      JaffaCakes118_c3ccb3297b24ed6ff2c4ee3386d14851

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020 and sold as malware-as-a-service. It harvests browser credentials, cookies and autofill data, cryptocurrency wallets and credentials from FTP and VPN clients, and exfiltrates them to the configured C2.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution (vbc.exe, the .NET Visual Basic compiler, a signed Microsoft binary commonly abused as a host process for injected payloads)

    • Suspicious use of SetThreadContext (redirecting a suspended thread's entry point, the pattern used by process hollowing and related injection techniques)

MITRE ATT&CK Enterprise v15

Tasks