Overview

overview

10

Static

static

3

JaffaCakes...66.exe

windows7-x64

10

JaffaCakes...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_057af863d934533754ad9ae12c2def66

  • Size

    850KB

  • Sample

    250106-bfrl7atkeq

  • MD5

    057af863d934533754ad9ae12c2def66

  • SHA1

    1716116ed561d5a99d7f654f84fb756c8be22046

  • SHA256

    91371f405dcb6439a53162611b872179c20b57f0973edfef3e6d58683d89b0b9

  • SHA512

    1c778ae8873c7bac9acf2f367a1c6ea2b513bd9f2c2d0c25ec348827540a770f676ee00d7571c5b3d9d7038ad674229e79f4e34c5f8fcfb4c9bdd0eeed7286db

  • SSDEEP

    12288:SQ8AdEpzX9+R+wySg0Ax2Gpfs8ynk5MxtaUxYye3pex1re0+c9NYcNr:NupzBwygAoGp6pxJ0pexhe0+c9Nr

Score
10/10
redlinesectoprat@bbakochdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@bbakoch

C2

92.119.113.189:21746

Attributes
  • auth_value

    de713911efa818890ac36085c9a0fc58

Targets

    • Target

      JaffaCakes118_057af863d934533754ad9ae12c2def66

    • Size

      850KB

    • MD5

      057af863d934533754ad9ae12c2def66

    • SHA1

      1716116ed561d5a99d7f654f84fb756c8be22046

    • SHA256

      91371f405dcb6439a53162611b872179c20b57f0973edfef3e6d58683d89b0b9

    • SHA512

      1c778ae8873c7bac9acf2f367a1c6ea2b513bd9f2c2d0c25ec348827540a770f676ee00d7571c5b3d9d7038ad674229e79f4e34c5f8fcfb4c9bdd0eeed7286db

    • SSDEEP

      12288:SQ8AdEpzX9+R+wySg0Ax2Gpfs8ynk5MxtaUxYye3pex1re0+c9NYcNr:NupzBwygAoGp6pxJ0pexhe0+c9Nr

    Score
    10/10
    redlinesectoprat@bbakochdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks