General

Target: da7b1e48332215cd2fb27d9e7ab98d3e_JaffaCakes118
Size: 148KB
Sample: 240405-wa3sgsab9x
MD5: da7b1e48332215cd2fb27d9e7ab98d3e
SHA1: 6bd7f15ba3ff855dbcdc0b76b72a48baaad30838
SHA256: a37c2dee7c3163cc9fafc64846d3c02d9cf77b8422af2a2a66ca8d5f3e6964fb
SHA512: b1e579cb68bf65f2fea5e1ed0e1d906697cfaa6e04650d19a7d032beb1880bed64b6c702dd14eb5606f689c50e810fa103ef117fd0fcfe21c010d315917fa3a2
SSDEEP: 3072:RKY2O2aWFY6riD0CpXIUEM37uRXUtRy8Cqlkdyd:b2Op1jL02UXUvyC
Static task: static1

Behavioral task: behavioral1
Sample: da7b1e48332215cd2fb27d9e7ab98d3e_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: da7b1e48332215cd2fb27d9e7ab98d3e_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: redline
C2: 141.94.188.139:43059
auth_value: e6fd07a033474b6535552b6f7bfb4f97
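The extracted configuration and the hashes above are the indicators a responder would actually pivot on. The script below is an added example, not the sandbox's own tooling: it copies the report's hash values and C2 endpoint into a small matcher that checks a file's digests against the report and scans connection log lines for the C2. The file bytes and the log lines in it are constructed for the demo (the log format is invented, not any product's), and it deliberately separates an exact IP:port hit from an IP-only hit, since the same address may host unrelated services and a different build may use a different port.

```python
"""IOC matching for the report above.

Added example, not the sandbox's own tooling. The hash values and the C2
endpoint are copied from the report; the file bytes and the connection log
lines are constructed for the demo and are not artifacts of the sample.
"""
import hashlib
import re

# Indicators copied verbatim from the General and Malware Config sections.
IOC_HASHES = {
    "md5": "da7b1e48332215cd2fb27d9e7ab98d3e",
    "sha1": "6bd7f15ba3ff855dbcdc0b76b72a48baaad30838",
    "sha256": "a37c2dee7c3163cc9fafc64846d3c02d9cf77b8422af2a2a66ca8d5f3e6964fb",
    "sha512": (
        "b1e579cb68bf65f2fea5e1ed0e1d906697cfaa6e04650d19a7d032beb1880bed"
        "64b6c702dd14eb5606f689c50e810fa103ef117fd0fcfe21c010d315917fa3a2"
    ),
}
C2_HOST = "141.94.188.139"
C2_PORT = 43059


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def match_file_hashes(data: bytes) -> dict:
    """Compare a file's digests with the report: {algo: matched?}.

    Any single match identifies the exact sample. SSDEEP is left out on
    purpose: fuzzy hashing needs the ssdeep library and a similarity
    threshold, not an equality test.
    """
    digests = hash_bytes(data)
    return {algo: digests[algo] == ioc for algo, ioc in IOC_HASHES.items()}


# Constructed log format (not a real product's format):
#   <timestamp> <image> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<image>\S+)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"
)


def find_c2_connections(log_lines) -> dict:
    """Split hits into exact (IP and port) and host-only (IP, other port).

    A host-only hit is weaker evidence: the address may serve unrelated
    tenants and another build may use a different port, so both are
    reported but kept apart.
    """
    hits = {"exact": [], "host_only": []}
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the scan
        if m["dst_ip"] != C2_HOST:
            continue
        bucket = "exact" if int(m["dst_port"]) == C2_PORT else "host_only"
        hits[bucket].append(
            {"ts": m["ts"], "image": m["image"], "dst": f"{m['dst_ip']}:{m['dst_port']}"}
        )
    return hits


# Constructed sample data for the demo (not captured from the sample).
SAMPLE_LOG = [
    "2024-04-05T10:00:01Z sample.exe 10.0.0.5:49152 -> 141.94.188.139:43059",
    "2024-04-05T10:00:02Z sample.exe 10.0.0.5:49153 -> 141.94.188.139:443",
    "2024-04-05T10:00:03Z chrome.exe 10.0.0.5:49154 -> 93.184.216.34:443",
    "not a connection record",
]
NOT_THE_SAMPLE = b"constructed bytes, not the analysed binary"

if __name__ == "__main__":
    print(match_file_hashes(NOT_THE_SAMPLE))
    print(find_c2_connections(SAMPLE_LOG))
```

Running it on real data means reading the suspect file's bytes into `match_file_hashes` and feeding the connection records from your own log source through a regex matching that source's format; the two-bucket output is what keeps an IP-only match from being escalated as if it were the full C2 indicator.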
Targets

Target: da7b1e48332215cd2fb27d9e7ab98d3e_JaffaCakes118
Size: 148KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Score: 10/10

RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

Signatures
- RedLine payload
- SectopRAT payload
- Suspicious use of SetThreadContext: this API rewrites a thread's register state, including its instruction pointer, and is the step in process hollowing and thread hijacking where execution is redirected into injected code; outside debuggers it has few legitimate callers, so the sandbox flags it.
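Seeing SetThreadContext on its own is only a hint; what makes it a hollowing indicator is its position in a sequence: a process created suspended, memory written into it, its primary thread's context rewritten, then the thread resumed. The detector below is an added example and not the sandbox's signature logic. It scans a constructed API-trace format (invented for the demo; the field names, pids and the `host.exe` image are assumptions) for that ordered sequence per caller/child pair, so a debugger calling SetThreadContext on a process it did not create suspended never fires.

```python
"""Process-hollowing sequence detection behind the SetThreadContext signature.

Added example, not the sandbox's signature logic. It scans a constructed
API-trace format (below) for the sequence that makes SetThreadContext
suspicious: a process created suspended, memory written into it, its thread
context rewritten, then the thread resumed.
"""
import re

# Steps that must follow, in this order, a CreateProcess* with CREATE_SUSPENDED.
STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace format (not a real tracer's output):
#   <timestamp> pid=<caller> api=<Name> key=value ...
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+api=(?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str):
    """Return a dict for one trace line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = dict(KV_RE.findall(m["rest"]))
    ev.update(ts=m["ts"], pid=int(m["pid"]), api=m["api"])
    return ev


def detect_hollowing(lines) -> list:
    """Return one alert per (caller, child) pair that completes the sequence.

    State is keyed on the caller/child pair, so SetThreadContext on a process
    the caller did not create suspended never alerts, and an out-of-order call
    (ResumeThread before SetThreadContext) simply fails to advance the state.
    """
    progress = {}   # (caller_pid, child_pid) -> index of the next expected step
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # malformed line: skip it, do not abort the scan
        if ev["api"].startswith("CreateProcess") and "CREATE_SUSPENDED" in ev.get("flags", ""):
            if "child" in ev:
                progress[(ev["pid"], int(ev["child"]))] = 0
            continue
        if "target" not in ev:
            continue
        key = (ev["pid"], int(ev["target"]))
        if key not in progress:
            continue  # call on a process this caller did not create suspended
        if ev["api"] == STEPS[progress[key]]:
            progress[key] += 1
            if progress[key] == len(STEPS):
                alerts.append({"ts": ev["ts"], "caller": key[0], "child": key[1]})
                del progress[key]
    return alerts


# Constructed trace: one hollowing sequence and one benign SetThreadContext.
SAMPLE_TRACE = [
    "T1 pid=1000 api=CreateProcessW image=host.exe flags=CREATE_SUSPENDED|CREATE_NO_WINDOW child=2000",
    "T2 pid=1000 api=WriteProcessMemory target=2000 size=151552",
    "T3 pid=1000 api=SetThreadContext target=2000",
    "T4 pid=1000 api=ResumeThread target=2000",
    "T5 pid=3000 api=SetThreadContext target=3001",   # debugger-style, no suspended create
    "malformed line",
]

if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print(alert)
```

To use it against real telemetry, replace `LINE_RE` and `KV_RE` with a parser for your tracer's records and keep the caller/child keying; that pairing, not the API name, is what separates hollowing from a debugger attaching to an existing process.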