General
Target: d4f571f4ec545df75b548c1f4b4e186f_JaffaCakes118
Size: 326KB
Sample: 240405-qpnn8adg66
MD5: d4f571f4ec545df75b548c1f4b4e186f
SHA1: e83f2c0c9dafbd70423f02f4ad7afce5fa9f136d
SHA256: 1a6927123dcc345fcf81f07921d34c098b3a16c526f40f1e4d624e60f8e83892
SHA512: 01bbb6177d7dc0008eb521048e0d633ba2ccaac8659b06ad930c14a9d0f350871ce8777b60417ea8a5d0d2687512690ddaf9e1b98c1ea2ecb6204b64c3fbb412
SSDEEP: 6144:bxPOAfsdY0LoOaYo7jaO00ssjxAODFCSRFiItdlBgoySu6buzy:bxmGsdY0LoOaHWAiQeoNPgy
Static task: static1
Behavioral task: behavioral1
  Sample: d4f571f4ec545df75b548c1f4b4e186f_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: d4f571f4ec545df75b548c1f4b4e186f_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: redline
@Ant0nPavlov
5.188.118.163:80
auth_value: 9bde7608ef33d6cbd8c01687cdd53196
Targets
Target: d4f571f4ec545df75b548c1f4b4e186f_JaffaCakes118
Size: 326KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Suspicious use of SetThreadContext