Overview

overview

10

Static

static

3

JaffaCakes...f8.exe

windows7-x64

10

JaffaCakes...f8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4ada63989352828ff9df7a4a7dd6c4f8

  • Size

    4.6MB

  • Sample

    250107-d1dl6stqbq

  • MD5

    4ada63989352828ff9df7a4a7dd6c4f8

  • SHA1

    fd912f8f542c4848acef1c04ccb61629e073eeca

  • SHA256

    26dc50039039237dfe570efaf3bc51be0517339f138e660ac86c2602b29b54b2

  • SHA512

    b4adb18529a9d5643abac8e740417abc83460b1d20a43feaf36570e2c68f36666ead60320ac79183e97d0bf79ecb94871743d78652873329409946fd12c3865a

  • SSDEEP

    98304:pLn6YTPEtnJ+4cCZBkuI0x3WlqEHBH2gcqv8p1jukT3xt:0t7cCZaWxREhH2MEq63r

Score
10/10
redlinesectoprat@frecorediscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@frecore

C2

185.215.113.51:28209

Attributes
  • auth_value

    8a057b047bb60399b5cc0fa800e50e51

Targets

    • Target

      JaffaCakes118_4ada63989352828ff9df7a4a7dd6c4f8

    • Size

      4.6MB

    • MD5

      4ada63989352828ff9df7a4a7dd6c4f8

    • SHA1

      fd912f8f542c4848acef1c04ccb61629e073eeca

    • SHA256

      26dc50039039237dfe570efaf3bc51be0517339f138e660ac86c2602b29b54b2

    • SHA512

      b4adb18529a9d5643abac8e740417abc83460b1d20a43feaf36570e2c68f36666ead60320ac79183e97d0bf79ecb94871743d78652873329409946fd12c3865a

    • SSDEEP

      98304:pLn6YTPEtnJ+4cCZBkuI0x3WlqEHBH2gcqv8p1jukT3xt:0t7cCZaWxREhH2MEq63r

    Score
    10/10
    redlinesectoprat@frecorediscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks