General

  • Target

    JaffaCakes118_114840b7d4c02148771504678ec5194d

  • Size

    4.7MB

  • Sample

    250106-f8vlrsxmfw

  • MD5

    114840b7d4c02148771504678ec5194d

  • SHA1

    e13efbdede3abbd0f6b3c906aced6c01e18ab57d

  • SHA256

    0ca1d29d1d10c5005fd400c67610a7baf6137c4758a9a28e1241c3d18b7f1e14

  • SHA512

    82499fee3f5ac521632de556f35f6c3ee8049f4df7e4b6ec9cd7a60997ca080f3a7d99b6419037be583b05991137e71306bbae0943ec4b98ddcb026f93621f07

  • SSDEEP

    98304:hLEGnnBSDWQ6H3YC0ctCMRUeKHCG39M5aiLxwBk2Q:lSEYC02NKR3JkV

Malware Config

Extracted

Family

redline

Botnet

@veteran322

C2

ananasalit.xyz:81

Attributes
  • auth_value

    55d48a1a930cf4d6f3e2d6bcd0daaf07
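The extracted config above is only useful once it is turned into indicators a blocklist, SIEM or IDS can consume. The following is an added example, not part of the sandbox report or of any RedLine tooling: it normalises the config values listed above (host/port split, IP versus domain, defanged form) and emits Suricata rules from them. The helper names, the multi-C2 separators it accepts and the rule wording are assumptions of this example.

```python
"""Normalise the config extracted from this sample into usable indicators.

Added example, not part of the sandbox report or any RedLine tooling. The
config values are the ones listed under "Malware Config" above; the helper
names, the multi-C2 separators handled, and the Suricata rule wording are
assumptions of this example.
"""
import ipaddress
import re
from dataclasses import dataclass

# Copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "@veteran322",
    "c2": "ananasalit.xyz:81",
    "auth_value": "55d48a1a930cf4d6f3e2d6bcd0daaf07",
}


@dataclass(frozen=True)
class C2:
    host: str
    port: int
    kind: str  # "ip" or "domain"

    def defanged(self) -> str:
        """Render as host[.]tld:port so it cannot be clicked or auto-linked."""
        return f"{self.host.replace('.', '[.]')}:{self.port}"


def parse_c2(value: str) -> list:
    """Split a C2 field into C2 entries.

    Extractors often report several servers in one field; this accepts
    comma, semicolon, pipe or whitespace separators (assumption). Each entry
    must be host:port with a valid TCP port; bracketed IPv6 is not handled.
    """
    entries = []
    for raw in re.split(r"[,;|\s]+", value.strip()):
        if not raw:
            continue
        host, sep, port = raw.rpartition(":")
        if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"malformed C2 entry: {raw!r}")
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "domain"
        entries.append(C2(host.lower(), int(port), kind))
    return entries


def is_valid_c2(value: str) -> bool:
    """True when every entry in the field parses as host:port."""
    try:
        return bool(parse_c2(value))
    except ValueError:
        return False


def iocs(config: dict) -> dict:
    """Indicators in the shape most blocklists and SIEM lookups want."""
    c2s = parse_c2(config["c2"])
    return {
        "family": config["family"].lower(),
        "botnet": config["botnet"],  # operator's campaign tag
        "auth_value": config["auth_value"].lower(),
        "c2": [c.defanged() for c in c2s],
        "domains": sorted({c.host for c in c2s if c.kind == "domain"}),
        "ips": sorted({c.host for c in c2s if c.kind == "ip"}),
        "ports": sorted({c.port for c in c2s}),
    }


def suricata_rules(config: dict, sid_base: int = 9000001) -> list:
    """One rule per C2: a dns.query match for domains, a tcp header match for IPs.

    A port alone (here 81) is too common to alert on, so the port is used
    only where the rule header can also carry the destination IP.
    """
    rules = []
    tag = f"{config['family'].upper()} {config['botnet']}"
    for i, c2 in enumerate(parse_c2(config["c2"])):
        sid = sid_base + i
        if c2.kind == "domain":
            rules.append(
                f'alert dns $HOME_NET any -> any any (msg:"{tag} C2 DNS lookup {c2.host}"; '
                f'dns.query; content:"{c2.host}"; nocase; endswith; sid:{sid}; rev:1;)')
        else:
            rules.append(
                f'alert tcp $HOME_NET any -> {c2.host} {c2.port} (msg:"{tag} C2 connection"; '
                f'flow:to_server,established; sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    print(iocs(EXTRACTED_CONFIG))
    print("\n".join(suricata_rules(EXTRACTED_CONFIG)))
```

The defanged form is what should go into tickets and reports; the plain host and port go into the rule. Port 81 on its own says nothing, which is why the IP rule carries the address in the header and the domain rule matches the DNS lookup instead.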

Targets

    • Target

      JaffaCakes118_114840b7d4c02148771504678ec5194d


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is an information stealer that harvests browser credentials, cookies, saved form data, cryptocurrency wallets and host details and uploads them to its C2.

    • RedLine payload

    • RedLine family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019. Its static signatures overlap with RedLine's .NET payloads, so the extracted config above (family redline) is the stronger attribution for this sample.

    • SectopRAT payload

    • SectopRAT family

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Used on a child process that was created suspended and whose memory has been overwritten with WriteProcessMemory, it redirects the entry point into the injected code (process hollowing), which is why the call is flagged; the same API on the caller's own threads is routine.
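What makes SetThreadContext suspicious is the sequence it sits in, not the call itself. The following is an added example, not the sandbox's own signature implementation: it scans an API-call trace for the chain of a suspended CreateProcess, a cross-process write, SetThreadContext and ResumeThread, and ignores SetThreadContext on the caller's own threads. The trace line format, the sample trace and the use of a "target" field carrying the pid that owns the handle are assumptions of this example.

```python
"""Detection logic for the "Suspicious use of SetThreadContext" signature.

Added example, not the sandbox's own signature code. It scans an API-call
trace for the process-hollowing chain that makes the call suspicious: a
process created suspended, its memory overwritten from outside, its primary
thread redirected with SetThreadContext, then resumed. The trace line format
("<seq> pid=<n> api=<name> key=value ...") and the "target" field, which here
carries the pid that owns the handle, are assumptions of this example.
"""
import re

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit (Win32 CreateProcess*)

# Constructed sample trace, not taken from the report. Injector 2400 hollows a
# suspended RegAsm.exe (2488); process 3100 only touches its own thread context.
SAMPLE_TRACE = """\
1 pid=2400 api=CreateProcessW app=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe flags=0x4 newpid=2488
2 pid=2400 api=NtUnmapViewOfSection target=2488
3 pid=2400 api=VirtualAllocEx target=2488 size=0x4a000 protect=0x40
4 pid=2400 api=WriteProcessMemory target=2488 size=0x4a000
5 pid=2400 api=SetThreadContext target=2488
6 pid=2400 api=ResumeThread target=2488
7 pid=3100 api=GetThreadContext target=3100
8 pid=3100 api=SetThreadContext target=3100
"""

LINE_RE = re.compile(r"^(?P<seq>\d+)\s+(?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Calls that must appear, in this order, after the suspended create.
CHAIN = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
# Calls that strengthen a finding but are not required (some hollowing
# variants map a section instead of allocating and writing).
SUPPORTING = {"NtUnmapViewOfSection", "VirtualAllocEx", "NtMapViewOfSection"}


def parse_trace(text):
    """Parse the trace format into a list of dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = dict(KV_RE.findall(m.group("body")))
        rec["seq"] = int(m.group("seq"))
        records.append(rec)
    return records


def find_hollowing(records):
    """Return one finding per (injector, victim) pair that reaches SetThreadContext.

    A victim is tracked only from a CreateProcess* call whose flags include
    CREATE_SUSPENDED. SetThreadContext on the caller's own threads (exception
    dispatch, debuggers, some runtimes) never matches and is ignored here.
    """
    tracked = {}  # (injector pid, victim pid) -> progress state
    for r in records:
        pid, api = r.get("pid"), r.get("api", "")
        if api.startswith("CreateProcess") and "newpid" in r:
            if int(r.get("flags", "0"), 16) & CREATE_SUSPENDED:
                tracked[(pid, r["newpid"])] = {
                    "image": r.get("app"), "calls": [r["seq"]], "next": 0}
            continue
        state = tracked.get((pid, r.get("target")))
        if state is None:
            continue
        if api in SUPPORTING:
            state["calls"].append(r["seq"])
        elif state["next"] < len(CHAIN) and api == CHAIN[state["next"]]:
            state["calls"].append(r["seq"])
            state["next"] += 1
    findings = []
    for (injector, victim), st in tracked.items():
        if st["next"] >= 2:  # WriteProcessMemory and then SetThreadContext seen
            findings.append({
                "injector": injector,
                "victim": victim,
                "image": st["image"],
                "calls": st["calls"],
                "resumed": st["next"] == 3,
            })
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

The example deliberately requires the suspended create; an injector that instead opens an existing thread with OpenThread and SuspendThread would need a second entry condition. Process 3100 in the sample shows the benign case: GetThreadContext followed by SetThreadContext on its own thread produces no finding.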

MITRE ATT&CK Enterprise v15

Tasks