General
Target: e44f2cdc66c0668925a19856a3f40147_JaffaCakes118
Size: 4.0MB
Sample: 240407-hh4g4afc5w
MD5: e44f2cdc66c0668925a19856a3f40147
SHA1: b77be2db365d2739245976aeff0888462eccdc88
SHA256: 916a277ee5139308e6b8bbf6bfbe794cf93c3acb19013c8f67364b178d4e6a0d
SHA512: 4dfb09e8209f12304e5b02a35d3ba93c7ea996495a2fdfb9619a90dfacb3742a84cac7cfca79ff5d66fcfa07891812a4ee8edb75c285cf60b10f3dc67d331bd8
SSDEEP: 98304:yxj4V805DXFBqc+AC5ofNlQIRRVuaqoCTz:CjAD18c1C5Q+IRRQaBCv
Behavioral task: behavioral1
Sample: e44f2cdc66c0668925a19856a3f40147_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: e44f2cdc66c0668925a19856a3f40147_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: redline
ogak2colpaka798
185.172.129.61:39278
Targets
Target: e44f2cdc66c0668925a19856a3f40147_JaffaCakes118 (4.0MB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger