General

  • Target

    JaffaCakes118_c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc

  • Size

    746.5MB

  • Sample

    241224-vxfqssspby

  • MD5

    8328cb63b33363844539847a1bb33455

  • SHA1

    911db14e14b45a7fc0db7111c1e18b4a08f4ba58

  • SHA256

    c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc

  • SHA512

    a8582f081c69471f569ef8822145b6fcf35e8471820c080972eb05e3de02c37a36c9376ee89ebefd47be29398fe9de549fc2e9d8cec391af2720968647237c7b

  • SSDEEP

    49152:MOZM2g29VOD1yQpHfzivSp5vrMtyqvFhbqo4uHBlBcl:NLa1JpzivevrMty8bqozB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    25.03

  • C2

    37.220.87.78:25387

  • Attributes

    auth_value: 5cfc89aee6c1fd926c66b4cb6c07caa2

Targets

    • Target

      JaffaCakes118_c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks