General

Target: e49b51b0b9c6c7e0ba32f793fee55b45_JaffaCakes118
Size: 2.3MB
Sample: 240407-lg4y1sac66
MD5: e49b51b0b9c6c7e0ba32f793fee55b45
SHA1: 60f6316bf43e7bdf7098b6dd3bc719b42ae9018a
SHA256: ce4349e7eeb9af88ba41065c179360bd4d2253d8324856896dc92ea178ff7b5c
SHA512: 3853a0cf0109387eb3753e83b624918f0dbb1e5df462a7ce7cc1209c9cccd147ba85b5878cb86d45c067c5eab6da5fa9f06d5b4aba22139692a73f4201a26c41
SSDEEP: 49152:35+hFRPnG6ztHsxpKPL1wtDmyPtlCK4UPlTt7536IAEoliv242Hxiz8lVHTIioOl:35aFRPnlMxpKPL2tDmqlO8N36G5sxiqH

Static task: static1

Behavioral task: behavioral1
Sample: e49b51b0b9c6c7e0ba32f793fee55b45_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: e49b51b0b9c6c7e0ba32f793fee55b45_JaffaCakes118.exe
Resource: win10v2004-20240319-en
Malware Config

Extracted
Family: redline
Botnet: @Yuki4onna
C2: 77.220.214.232:13459
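The extracted configuration is the most directly actionable part of this report. The Python below is an added example, not part of the sandbox report or of any Triage tooling: it turns the botnet tag and C2 endpoint into a matcher and runs it over a few constructed Zeek-style conn.log rows (the column order is assumed). It separates an exact host:port hit over TCP, which is how RedLine talks to its panel, from other traffic to the same host, which is still worth a look because stealer operators commonly reuse a server on other ports.

```python
"""Match the C2 extracted from a RedLine sandbox report against connection logs.

Added example; not part of the sandbox report. The conn.log rows below are
constructed for illustration, and the Zeek-style column layout is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RedlineConfig:
    botnet: str    # operator tag, "@Yuki4onna" in this report
    c2_host: str
    c2_port: int


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' string as shown in the report; brackets allowed for IPv6."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 endpoint: {c2!r}")
    return host.strip("[]"), int(port)


def config_from_report(botnet: str, c2: str) -> RedlineConfig:
    """Build the matcher input from the two config fields the report exposes."""
    host, port = parse_c2(c2)
    return RedlineConfig(botnet=botnet, c2_host=host, c2_port=port)


# Constructed rows (not real traffic). Columns assumed:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1712480000.100\tCa1\t10.0.0.12\t49712\t77.220.214.232\t13459\ttcp
1712480001.200\tCa2\t10.0.0.12\t49713\t142.250.74.46\t443\ttcp
1712480002.300\tCa3\t10.0.0.31\t51000\t77.220.214.232\t8080\ttcp
1712480003.400\tCa4\t10.0.0.31\t51001\t77.220.214.232\t13459\tudp
"""


def match_conn_log(log_text: str, cfg: RedlineConfig) -> list[dict]:
    """Return one finding per row whose responder is the C2 host.

    'c2_exact' means the configured port over TCP; anything else to the same
    host is 'c2_host_only' and should be reviewed rather than discarded.
    """
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):   # skip blanks and Zeek header lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:                      # malformed row: ignore, do not crash
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != cfg.c2_host:
            continue
        exact = proto == "tcp" and resp_p.isdigit() and int(resp_p) == cfg.c2_port
        findings.append({
            "uid": uid,
            "src": orig_h,
            "dst": f"{resp_h}:{resp_p}/{proto}",
            "verdict": "c2_exact" if exact else "c2_host_only",
            "botnet": cfg.botnet,
        })
    return findings


if __name__ == "__main__":
    cfg = config_from_report("@Yuki4onna", "77.220.214.232:13459")
    for hit in match_conn_log(SAMPLE_CONN_LOG, cfg):
        print(hit)
```

The source host of any `c2_exact` row is the machine to pull for credential and browser-data exposure; the `c2_host_only` rows give the hunt team a second pivot without inflating the high-confidence count.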
Targets

Target: e49b51b0b9c6c7e0ba32f793fee55b45_JaffaCakes118
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

SectopRAT payload

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.

Executes dropped EXE

Loads dropped DLL