General

  • Target

    JaffaCakes118_628c16dd75d00f4afc06d3a43c8b4b1f

  • Size

    4.7MB

  • Sample

    250102-enk16aslgt

  • MD5

    628c16dd75d00f4afc06d3a43c8b4b1f

  • SHA1

    a13ebd469f1a16770acdc542469c8209f533cad7

  • SHA256

    272bea37ad116a17d3a333082a6d0a5295271f54b5b959b771ac340b132c063f

  • SHA512

    918a26d7dbee6d926010ec12f7d9cc19cf9baab99467087154720b9e1ad469c5d47a9346a84f4a2312776100d73b99948e970757d900f70a9e2dbe46a79ccd4f

  • SSDEEP

    98304:0LimPiasL0jtXpOcx3OIf0/APJsWCKIbsC5JBRFSI6rqUN:ksQhpxOIFsf1TjFSd7

Malware Config

Extracted

Family

redline

Botnet

@Joindsa

C2

164.132.202.45:20588

Attributes

  • auth_value

    3e9eda97b6589ac15756de0ba010d48f

Targets

    • Target

      JaffaCakes118_628c16dd75d00f4afc06d3a43c8b4b1f

    • Size

      4.7MB

    • MD5

      628c16dd75d00f4afc06d3a43c8b4b1f

    • SHA1

      a13ebd469f1a16770acdc542469c8209f533cad7

    • SHA256

      272bea37ad116a17d3a333082a6d0a5295271f54b5b959b771ac340b132c063f

    • SHA512

      918a26d7dbee6d926010ec12f7d9cc19cf9baab99467087154720b9e1ad469c5d47a9346a84f4a2312776100d73b99948e970757d900f70a9e2dbe46a79ccd4f

    • SSDEEP

      98304:0LimPiasL0jtXpOcx3OIf0/APJsWCKIbsC5JBRFSI6rqUN:ksQhpxOIFsf1TjFSd7

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks