General
Target: d8d0425e4ccb4b09d0e380dc52501d95_JaffaCakes118
Size: 154KB
Sample: 240405-tyk68sgg7y
MD5: d8d0425e4ccb4b09d0e380dc52501d95
SHA1: a01f336a83ee8aa80be0201c4ce593c2560881a5
SHA256: 80b8346e9233301cde3baf92a18baf30971039f02034e96d00f299563bcd787c
SHA512: 6a12b159c4c1a9194516becc0acf3c38fb2af5df373dd93126a6d12bd716b1b521e0bcf0f7a821b965e7e03dabd264ef3c30ee5acf481fb89a69d8feb8e34cc3
SSDEEP: 3072:dLNlaab8JsSFU8Y0gvRrkb4oreOcVfWv4lFr85l6JlaKi6Qir9:praaUZ7YnOb4seLfe4E5l6Jlai
Static task: static1
Behavioral task: behavioral1
Sample: d8d0425e4ccb4b09d0e380dc52501d95_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d8d0425e4ccb4b09d0e380dc52501d95_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: redline
141.94.188.138:46419
auth_value: 3f48b95855158031ae9e7dafcb203009
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Suspicious use of SetThreadContext