General
Target: ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118
Size: 5.8MB
Sample: 240406-hf269acg6y
MD5: ddd05c5fdc0a8cb19404ad9cd2d460da
SHA1: a292b7ee770bc41d586f0d7b1e68da47916b97a3
SHA256: f632f39fb5dc1c4af05bd37682902f6be4ecbde81ff238379d94ade4350d7fdc
SHA512: c5fc34fbe5e5ba4a3610ebebe2ad23bf20ea3fbd9c334a5a4e0b8de2fa5d659101d08bcc9c6c7352ad18bbe7b0acdd2af87eb18200daae1205c39282d4872f5a
SSDEEP: 98304:FdaCnigRI+l1Q8cw9jdGVa1EXvpKd6R5na8+I5iQ+DouBGve6kP9Dg0zso6ydvrH:Fd/JRI+ziw9JGVa1upKdglCquBGvOvsw
Behavioral task: behavioral1
Sample: ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config
Extracted: redline
Botnet: installs
C2: 138.124.186.66:3552
Targets
Target: ddd05c5fdc0a8cb19404ad9cd2d460da_JaffaCakes118
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- SectopRAT payload
- Suspicious use of SetThreadContext