General
- Target: eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118
- Size: 4.0MB
- Sample: 240412-ady3tahd49
- MD5: eeaae4d3227a8e9154123981c9b6607a
- SHA1: e157bcf5be7b60c9dbc405048448474589a73e1d
- SHA256: 48b83155739f83a508ec4aeb87aa68a59dbd695e61f29d8d57d99eb22816201c
- SHA512: 785cd4bb7075659c4b1e612a207063c051f3039e7dca95cd6ebabf8e90e442cf68b5dc772ecd8a4c996352643cf5794a8cbdee09d5596a4866a6d90871724ad7
- SSDEEP: 98304:D1nH2CmKaZMZ6Brav2i57RxOUSSR0o6y22:hn7bQHiXxTD22
Behavioral task: behavioral1
- Sample: eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted:
- redline
- $$$$$lucky$$$$$
- safebild.org:7777
Targets
- Target: eeaae4d3227a8e9154123981c9b6607a_JaffaCakes118
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext