General

  • Target

    JaffaCakes118_04c7c3b2d55b571fac252d9dd561f2c4

  • Size

    4.6MB

  • Sample

    250106-a64trssrbj

  • MD5

    04c7c3b2d55b571fac252d9dd561f2c4

  • SHA1

    2bb6b71c0b334627edb6615d05ad72f756dd2329

  • SHA256

    ee4ff9e096c5554c171921dfff68b32ae1e0da087383ff70e6225a91b4a04431

  • SHA512

    d09120f9d1a183173d1abed2342d64791bde1a913395b529476be1e7388774f63016fd403d4e34e86670c6cd69037adb27117bf93e759a29424af5656f21a650

  • SSDEEP

    98304:vLvpWs+7XJAmM2kG9NL69RSRMj0teD3YsMKBF3+NF9o+AKsAlMK80AIT:sZ/960UD3ZyBxX

Malware Config

Extracted

Family

redline

Botnet

@saxtamazer

C2

138.124.186.121:45760

Attributes
  • auth_value

    9b509f3ca2ec2a739920d789362e5ac4

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks