General
-
Target
e4086df34bc50103a13d197e915e578d_JaffaCakes118
-
Size
643KB
-
Sample
240407-evy7cscg7t
-
MD5
e4086df34bc50103a13d197e915e578d
-
SHA1
67841d84f49029cc773a3d90d612a238e0ccb7a5
-
SHA256
97ecdd9bfe96bbc323ee0526c18949371e38b373d0f71104277f684af338c663
-
SHA512
a62d22577691dc452e96cdbddff18451b4970f1c2d9fc1c73286ef3d844daec3e6de6ec7a6c7c2918a401323ab91c3d4248123dfffdc1eb0cf6dcf6685d76180
-
SSDEEP
12288:MrRWtp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX7ZwUdLyc:FqdLgM7itajszgBnR7/LJXdJ+nlA7
Static task
static1
Behavioral task
behavioral1
Sample
e4086df34bc50103a13d197e915e578d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e4086df34bc50103a13d197e915e578d_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
@Cheburek212
185.80.234.77:17105
Targets
-
-
Target
e4086df34bc50103a13d197e915e578d_JaffaCakes118
-
Size
643KB
-
MD5
e4086df34bc50103a13d197e915e578d
-
SHA1
67841d84f49029cc773a3d90d612a238e0ccb7a5
-
SHA256
97ecdd9bfe96bbc323ee0526c18949371e38b373d0f71104277f684af338c663
-
SHA512
a62d22577691dc452e96cdbddff18451b4970f1c2d9fc1c73286ef3d844daec3e6de6ec7a6c7c2918a401323ab91c3d4248123dfffdc1eb0cf6dcf6685d76180
-
SSDEEP
12288:MrRWtp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX7ZwUdLyc:FqdLgM7itajszgBnR7/LJXdJ+nlA7
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-