Overview

overview

10

Static

static

3

JaffaCakes...b9.exe

windows7-x64

10

JaffaCakes...b9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_540935891d17e9f3ac8e1837c153e8b9

  • Size

    421KB

  • Sample

    250101-n18sestngy

  • MD5

    540935891d17e9f3ac8e1837c153e8b9

  • SHA1

    61eac73c57f4da5fd00045abf818c2fced5ef4d7

  • SHA256

    284445d11ebd4f7dc8ce0df488c273e1e33971eecdeae2c8bb717b7697f3e4f7

  • SHA512

    15aa00c993b4b3eaa7c3b7edcbe64a015351c1dd1c95e46e68efcd98e48702c8045efa965656bbcce421f40563fcbdf529a89632fe24cec4d8d68be30aba6a6d

  • SSDEEP

    12288:BhhliEo+iEnvpb8C7d5RZIddUUx8WK/PU:xlC

Score
10/10
redlinesectopratgta5terrormmdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

GTA5TerrorMM

C2

185.215.113.55:36801

Attributes
  • auth_value

    5c57f1eb36bb351b7007ba406bba7afc

Targets

    • Target

      JaffaCakes118_540935891d17e9f3ac8e1837c153e8b9

    • Size

      421KB

    • MD5

      540935891d17e9f3ac8e1837c153e8b9

    • SHA1

      61eac73c57f4da5fd00045abf818c2fced5ef4d7

    • SHA256

      284445d11ebd4f7dc8ce0df488c273e1e33971eecdeae2c8bb717b7697f3e4f7

    • SHA512

      15aa00c993b4b3eaa7c3b7edcbe64a015351c1dd1c95e46e68efcd98e48702c8045efa965656bbcce421f40563fcbdf529a89632fe24cec4d8d68be30aba6a6d

    • SSDEEP

      12288:BhhliEo+iEnvpb8C7d5RZIddUUx8WK/PU:xlC

    Score
    10/10
    redlinesectopratgta5terrormmdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks