General
Target: JaffaCakes118_7a7cdfda8e4d73fc0c2c5099d61177bc
Size: 4.6MB
Sample: 250104-s4nnwavrd1
MD5: 7a7cdfda8e4d73fc0c2c5099d61177bc
SHA1: ade1fbd20081187dd6a80382285a731b476bfdf6
SHA256: 789215f22225f633317fd7195d4abdea03e23e07296ce1573218b4e0988e68db
SHA512: 4ad5df30f209b8337bbc23488f6bafff1786e321102fc2483b0ae5d2926526651a7a5bf6d8b704e35d634ebf2e22310470cc607affeb3e51306d24d8afa87569
SSDEEP: 98304:TLegK//XVagENtj/fWnKXGiGf+RBURDDuvfMQV0sK1VVdqSGLCq:WFxEn/fWKifjhwMFswVVMSGLCq
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_7a7cdfda8e4d73fc0c2c5099d61177bc.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_7a7cdfda8e4d73fc0c2c5099d61177bc.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
1747604984
94.26.248.120:63731
auth_value: ee8187fd574be73a935e073f8b5705eb
Targets
Target: JaffaCakes118_7a7cdfda8e4d73fc0c2c5099d61177bc
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
SectopRAT payload
Sectoprat family
Suspicious use of SetThreadContext