Overview

overview

10

Static

static

3

JaffaCakes...88.exe

windows7-x64

10

JaffaCakes...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5146ce5b72e8c3f2790a453901a00b88

  • Size

    387KB

  • Sample

    250107-gmdlssyrbp

  • MD5

    5146ce5b72e8c3f2790a453901a00b88

  • SHA1

    0aa09f32ccc40e7a0e34d728383e9e846693b19d

  • SHA256

    ba010fe4cb1723522591fdc9ae6244ee785bbc321153be865a4d50dd863fdb8b

  • SHA512

    75107c6594fc7a50c738771df7968e054092c4bf059dde61f7d7411472eea2ade2a14e68f273d88964c34051f308374069c2b2efb5faab1946c0e620defe9129

  • SSDEEP

    6144:Vjskmp8HowkpnqNQ6y9YqOFVkHpKxA1JoYHNmaIVyKixm/AcwGg0w5:HmZD9qgOVIrJoWMaIVyKb/AcDG5

Score
10/10
redlinesectopratpaladindiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

37.228.129.48:29795

Attributes
  • auth_value

    f27db372188045eefdf974196ead3dae

Targets

    • Target

      JaffaCakes118_5146ce5b72e8c3f2790a453901a00b88

    • Size

      387KB

    • MD5

      5146ce5b72e8c3f2790a453901a00b88

    • SHA1

      0aa09f32ccc40e7a0e34d728383e9e846693b19d

    • SHA256

      ba010fe4cb1723522591fdc9ae6244ee785bbc321153be865a4d50dd863fdb8b

    • SHA512

      75107c6594fc7a50c738771df7968e054092c4bf059dde61f7d7411472eea2ade2a14e68f273d88964c34051f308374069c2b2efb5faab1946c0e620defe9129

    • SSDEEP

      6144:Vjskmp8HowkpnqNQ6y9YqOFVkHpKxA1JoYHNmaIVyKixm/AcwGg0w5:HmZD9qgOVIrJoWMaIVyKb/AcDG5

    Score
    10/10
    redlinesectopratpaladindiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks