Overview

overview

10

Static

static

3

JaffaCakes...e9.exe

windows7-x64

10

JaffaCakes...e9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_581eb835704dae36c609d9bd10cf5fe9

  • Size

    407KB

  • Sample

    250107-kcr8zsvlan

  • MD5

    581eb835704dae36c609d9bd10cf5fe9

  • SHA1

    5a6099c568d14652c88c249aa5f8f1798741d576

  • SHA256

    ac00b8ebb330e78f2f347f177b9bd2f49a01722616169e3ade797ef343ef07d1

  • SHA512

    22f095152f6b20e88ddd19c1af1f1607b596cfb84186ba86dc8d76cafcfe55ed67cfc49a51a63ec9df2122d1bb24d645776988298af3792c4fd3ab1feb8cafbd

  • SSDEEP

    12288:H0Q3i8JYQwcygpSDdQ0dkmdK+3XxlX/WDj:H0o7JYQwqpSa0Z3Xxlo

Score
10/10
redlinesectopratpubdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.182:52236

Attributes
  • auth_value

    a272f3a2850ec3dccdaed97234b7c40e

Targets

    • Target

      JaffaCakes118_581eb835704dae36c609d9bd10cf5fe9

    • Size

      407KB

    • MD5

      581eb835704dae36c609d9bd10cf5fe9

    • SHA1

      5a6099c568d14652c88c249aa5f8f1798741d576

    • SHA256

      ac00b8ebb330e78f2f347f177b9bd2f49a01722616169e3ade797ef343ef07d1

    • SHA512

      22f095152f6b20e88ddd19c1af1f1607b596cfb84186ba86dc8d76cafcfe55ed67cfc49a51a63ec9df2122d1bb24d645776988298af3792c4fd3ab1feb8cafbd

    • SSDEEP

      12288:H0Q3i8JYQwcygpSDdQ0dkmdK+3XxlX/WDj:H0o7JYQwqpSa0Z3Xxlo

    Score
    10/10
    redlinesectopratpubdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks