Overview

overview

10

Static

static

3

JaffaCakes...7a.exe

windows7-x64

10

JaffaCakes...7a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_e4333323fc20f53546ca63d069d6a77a

  • Size

    432KB

  • Sample

    250110-plkmqawngl

  • MD5

    e4333323fc20f53546ca63d069d6a77a

  • SHA1

    c35ae3977bc84f9e586cfcce2d59bd3b376e8a6a

  • SHA256

    be3052367a083edb49c981c3d8f87bdb92e61a3457e3a1ff33c68d6a5671a4f0

  • SHA512

    056068db94f7fb4f1b92a7fc2468e7a687037af3f215b00db28f94d5ac51131a37b7544d315a0bae7b7c6ca6cac275739578b3166f571a97d5536c10d6c51334

  • SSDEEP

    12288:mUEg0pPvwCCCNUZDBL+MlU43opBzcWzuuZVY6:mdvpnwJXBaMx3opBVu

Score
10/10
redlinesectopratshediscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

she

C2

135.181.129.119:4805

Attributes
  • auth_value

    b69102cdbd4afe2d3159f88fb6dac731

Targets

    • Target

      JaffaCakes118_e4333323fc20f53546ca63d069d6a77a

    • Size

      432KB

    • MD5

      e4333323fc20f53546ca63d069d6a77a

    • SHA1

      c35ae3977bc84f9e586cfcce2d59bd3b376e8a6a

    • SHA256

      be3052367a083edb49c981c3d8f87bdb92e61a3457e3a1ff33c68d6a5671a4f0

    • SHA512

      056068db94f7fb4f1b92a7fc2468e7a687037af3f215b00db28f94d5ac51131a37b7544d315a0bae7b7c6ca6cac275739578b3166f571a97d5536c10d6c51334

    • SSDEEP

      12288:mUEg0pPvwCCCNUZDBL+MlU43opBzcWzuuZVY6:mdvpnwJXBaMx3opBVu

    Score
    10/10
    redlinesectopratshediscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks