General
-
Target
e45831263add0764894265d38507c3cd_JaffaCakes118
-
Size
1.9MB
-
Sample
240407-hwkbdaga95
-
MD5
e45831263add0764894265d38507c3cd
-
SHA1
a5737a9f4451ed4d1b5dccc98f7d0e6702493a5a
-
SHA256
d3dc112d9c9ff16f50c628ca7d586071702cea98592483a8d5a182a8f71220ef
-
SHA512
4ba3a5eb448dec083132363b014f71b1d59c336b7b21951291c031948640ca0e84d1fed2189aa78dd7123684968eaa3aafff564d6bc93a4616f24ea436439276
-
SSDEEP
49152:yGMcsGDH04da7T+xwk7AEi/PR/lgbrHHe/97Z:TOnk7k/Z/Rl9
Static task
static1
Behavioral task
behavioral1
Sample
e45831263add0764894265d38507c3cd_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e45831263add0764894265d38507c3cd_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
build1
135.181.170.169:36855
Targets
-
-
Target
e45831263add0764894265d38507c3cd_JaffaCakes118
-
Size
1.9MB
-
MD5
e45831263add0764894265d38507c3cd
-
SHA1
a5737a9f4451ed4d1b5dccc98f7d0e6702493a5a
-
SHA256
d3dc112d9c9ff16f50c628ca7d586071702cea98592483a8d5a182a8f71220ef
-
SHA512
4ba3a5eb448dec083132363b014f71b1d59c336b7b21951291c031948640ca0e84d1fed2189aa78dd7123684968eaa3aafff564d6bc93a4616f24ea436439276
-
SSDEEP
49152:yGMcsGDH04da7T+xwk7AEi/PR/lgbrHHe/97Z:TOnk7k/Z/Rl9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-