Overview

overview

10

Static

static

1

JaffaCakes...d8.exe

windows7-x64

1

JaffaCakes...d8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_b235b3a7b3f677ee1919bbaa131249d8

  • Size

    246KB

  • Sample

    250105-vfm4jsskhp

  • MD5

    b235b3a7b3f677ee1919bbaa131249d8

  • SHA1

    89f628f59e558851d5d1c5051e17e6dbb37df63b

  • SHA256

    0788a9cac7f9af31a47c7c1de800e030fabc0ed577d76f94da3cb3cf1a663b9b

  • SHA512

    c3d83c6ea874f23de96e5850977bf65e83f9bb64a3dfb36df28e0d5823962051c266fb3714db948891bd8b327d845912adbfdb582eb179fb1fc7ef31497f7970

  • SSDEEP

    6144:L4dEuFbVTOlrGyhBHZIpR7opEjCiIgWKy:UdEuFmHm4E0gPy

Score
10/10
redlinesectopratdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

C2

141.94.188.138:46419

Attributes
  • auth_value

    3f48b95855158031ae9e7dafcb203009

Targets

    • Target

      JaffaCakes118_b235b3a7b3f677ee1919bbaa131249d8

    • Size

      246KB

    • MD5

      b235b3a7b3f677ee1919bbaa131249d8

    • SHA1

      89f628f59e558851d5d1c5051e17e6dbb37df63b

    • SHA256

      0788a9cac7f9af31a47c7c1de800e030fabc0ed577d76f94da3cb3cf1a663b9b

    • SHA512

      c3d83c6ea874f23de96e5850977bf65e83f9bb64a3dfb36df28e0d5823962051c266fb3714db948891bd8b327d845912adbfdb582eb179fb1fc7ef31497f7970

    • SSDEEP

      6144:L4dEuFbVTOlrGyhBHZIpR7opEjCiIgWKy:UdEuFmHm4E0gPy

    Score
    10/10
    redlinesectopratdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks