General

Target: f4835426a08e33b327ad9a97d707241f_JaffaCakes118
Size: 1.3MB
Sample: 240416-2wz7daeh37
MD5: f4835426a08e33b327ad9a97d707241f
SHA1: c7a0ebeef1a6db6cffcc50efb3b37ecd9eb8354b
SHA256: 5516baf4628cfba0938b4be5d5e8216f75e5c8159d1ca3b4f0e086b698ad2bfc
SHA512: ecb9b61023a29780df112f2dcdb860ec7d0e2a74fa35b48bd7a91223f43c4682b195a37f6a9ccc92e9595e0e96dc0240472e455b8281e0003a1c8669dc611e74
SSDEEP: 12288:ODSPS63YOSK3cqH3/oJ8BHkzS4MUDsRZjI7yLnQsLhBN9aTom5Oucgqtqer1pJ3L:om8KXP1qbCLhf9aTXEub6Jd1
Static task: static1

Behavioral task: behavioral1
  Sample: f4835426a08e33b327ad9a97d707241f_JaffaCakes118.exe
  Resource: win7-20240319-en

Behavioral task: behavioral2
  Sample: f4835426a08e33b327ad9a97d707241f_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted configuration (family: redline)
Botnet ID: YTUploader
C2: 46.17.96.37:63108
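The extracted C2 socket and the file hashes above are the indicators a defender would hunt for. The script below is an added example, not part of the sandbox report: it matches those values against constructed Zeek-style conn.log lines and Sysmon-style process lines (the log lines are made up for illustration; only the hash and C2 values come from the report). It normalises hash case, since Sysmon reports digests in upper case, and distinguishes an exact IP:port hit from the same host seen on a different port.

```python
"""Match the report's indicators against constructed log lines.

Added example, not part of the sandbox report. Hash and C2 values are copied
from the report; the conn.log and Sysmon-style lines are constructed for
illustration and are not real telemetry.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report.
IOCS = {
    "md5": "f4835426a08e33b327ad9a97d707241f",
    "sha1": "c7a0ebeef1a6db6cffcc50efb3b37ecd9eb8354b",
    "sha256": "5516baf4628cfba0938b4be5d5e8216f75e5c8159d1ca3b4f0e086b698ad2bfc",
    "c2_ip": "46.17.96.37",
    "c2_port": 63108,
}

# Constructed Zeek-style conn.log (tab separated, default field order).
# The third record reuses the C2 host on a different port to show the lower-confidence case.
CONN_LOG = """\
ts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1713300001.1\tC1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp
1713300002.2\tC2\t10.0.0.5\t51235\t46.17.96.37\t63108\ttcp
1713300003.3\tC3\t10.0.0.7\t51236\t46.17.96.37\t80\ttcp
"""

# Constructed Sysmon-style process lines; Sysmon reports digests in upper case.
HASH_LOG = """\
Image=C:\\Users\\victim\\Downloads\\f4835426a08e33b327ad9a97d707241f_JaffaCakes118.exe Hashes=MD5=F4835426A08E33B327AD9A97D707241F,SHA256=5516BAF4628CFBA0938B4BE5D5E8216F75E5C8159D1CA3B4F0E086B698AD2BFC
Image=C:\\Windows\\System32\\notepad.exe Hashes=MD5=D41D8CD98F00B204E9800998ECF8427E
"""

HASH_RE = re.compile(r"\b(MD5|SHA1|SHA256)=([0-9A-Fa-f]+)")


@dataclass
class Hit:
    source: str
    indicator: str
    confidence: str   # "high" = exact IOC, "medium" = same host, other port
    line: str


def scan_conn_log(text: str) -> list[Hit]:
    """Flag connections to the C2 socket; same IP on another port is lower confidence."""
    lines = text.splitlines()
    header = lines[0].split("\t")
    ip_i, port_i = header.index("id.resp_h"), header.index("id.resp_p")
    hits = []
    for line in lines[1:]:
        fields = line.split("\t")
        if fields[ip_i] != IOCS["c2_ip"]:
            continue
        if int(fields[port_i]) == IOCS["c2_port"]:
            hits.append(Hit("conn.log", f"{fields[ip_i]}:{fields[port_i]}", "high", line))
        else:
            hits.append(Hit("conn.log", fields[ip_i], "medium", line))
    return hits


def scan_hash_log(text: str) -> list[Hit]:
    """Flag any digest equal to a report hash, comparing case-insensitively."""
    hits = []
    for line in text.splitlines():
        for algo, digest in HASH_RE.findall(line):
            if digest.lower() == IOCS[algo.lower()]:
                hits.append(Hit("sysmon", f"{algo}:{digest.lower()}", "high", line))
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(CONN_LOG) + scan_hash_log(HASH_LOG):
        print(f"[{hit.confidence}] {hit.source} {hit.indicator}")
```

The medium-confidence branch is deliberate: RedLine operators rotate ports on the same host, so a hit on 46.17.96.37 with another destination port is worth a look even though it is not the exact socket in the config.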
Targets

Target: f4835426a08e33b327ad9a97d707241f_JaffaCakes118
Size: 1.3MB
MD5: f4835426a08e33b327ad9a97d707241f
SHA1: c7a0ebeef1a6db6cffcc50efb3b37ecd9eb8354b
SHA256: 5516baf4628cfba0938b4be5d5e8216f75e5c8159d1ca3b4f0e086b698ad2bfc
SHA512: ecb9b61023a29780df112f2dcdb860ec7d0e2a74fa35b48bd7a91223f43c4682b195a37f6a9ccc92e9595e0e96dc0240472e455b8281e0003a1c8669dc611e74
SSDEEP: 12288:ODSPS63YOSK3cqH3/oJ8BHkzS4MUDsRZjI7yLnQsLhBN9aTom5Oucgqtqer1pJ3L:om8KXP1qbCLhf9aTXEub6Jd1
Signatures matched on this target:

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. The extracted configuration above (botnet ID YTUploader, C2 46.17.96.37:63108) is what ties this sample to the family; the hashes identify only this particular build.

RedLine payload
SectopRAT payload
Both payload rules matched the same sample. Static payload rules for these two .NET families commonly overlap, so take the successful RedLine configuration extraction, not the rule names, as the family attribution.

Executes dropped EXE
The sample writes a second executable to disk and launches it, so the file analysed here is a dropper or loader rather than the final payload. The dropped file and its own hashes belong on the block list alongside the values above.

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation. Expect renamed types and flattened control flow when decompiling; the C2 and botnet ID were still extracted by the sandbox.

Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state, including its instruction pointer. Outside of a debugger it is most often the final step of process hollowing: create a host process suspended, replace its image in memory, point the main thread at the new entry point, then resume it. Together with "Executes dropped EXE" this is consistent with the dropped file unpacking the RedLine payload into a hollowed host process, although the report does not name the host.
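The "Suspicious use of SetThreadContext" signature abstracts an API sequence that an analyst can look for in their own telemetry. The following script is an added example, not part of the sandbox report: it walks a constructed API trace (the key=value line format is hypothetical, as are the PIDs and image paths; real sandboxes and EDRs use their own schemas) and raises an alert only when a process that was created suspended then receives WriteProcessMemory, SetThreadContext and ResumeThread from its parent, in that order. A SetThreadContext call on a thread that was not created suspended does not trigger it.

```python
"""Detect the process-hollowing sequence behind the SetThreadContext signature.

Added example, not part of the sandbox report. The trace format, PIDs and
image paths below are hypothetical, constructed for illustration only.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit for CreateProcess*
# Steps the parent must perform on the suspended child, in order.
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed API trace: one hollowing chain (pid 4100 -> child 4212) and one
# benign SetThreadContext on a process that was never created suspended.
TRACE = """\
pid=4100 api=CreateProcessW image=C:\\hypothetical\\host.exe flags=0x00000004 child=4212
pid=4100 api=NtUnmapViewOfSection target=4212
pid=4100 api=VirtualAllocEx target=4212 size=0x9e000
pid=4100 api=WriteProcessMemory target=4212 size=0x200
pid=4100 api=SetThreadContext target=4212
pid=4100 api=ResumeThread target=4212
pid=5000 api=CreateProcessW image=C:\\hypothetical\\child.exe flags=0x00000000 child=5010
pid=5000 api=SetThreadContext target=5000
pid=5000 api=ResumeThread target=5000
"""


def parse_event(line: str) -> dict:
    """Turn 'k=v k=v ...' into a dict; values never contain spaces in this format."""
    return dict(kv.split("=", 1) for kv in line.split())


def detect_hollowing(trace: str) -> list[dict]:
    """Return one alert per (parent, child) pair that completes HOLLOW_STEPS."""
    suspended = {}                  # (parent pid, child pid) -> image path
    progress = defaultdict(list)    # (parent, child) -> steps seen so far, in order
    alerts = []
    for line in trace.splitlines():
        ev = parse_event(line)
        pid, api = ev["pid"], ev["api"]
        if api.startswith("CreateProcess"):
            # Only a child created with CREATE_SUSPENDED is a hollowing candidate.
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[(pid, ev["child"])] = ev.get("image", "?")
            continue
        key = (pid, ev.get("target"))
        if key not in suspended:
            continue                # call does not touch a suspended child of this pid
        seen = progress[key]
        if len(seen) == len(HOLLOW_STEPS):
            continue                # already alerted on this pair
        if api == HOLLOW_STEPS[len(seen)]:
            seen.append(api)        # other calls (unmap, alloc) are tolerated in between
            if len(seen) == len(HOLLOW_STEPS):
                alerts.append({
                    "parent": pid,
                    "child": key[1],
                    "image": suspended[key],
                    "steps": tuple(seen),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(TRACE):
        print(f"hollowing: pid {alert['parent']} -> {alert['child']} ({alert['image']})")
```

Keying on the (parent, child) pair rather than on SetThreadContext alone is what keeps debuggers and exception handlers out of the results; the extra NtUnmapViewOfSection and VirtualAllocEx calls are ignored rather than required, since loaders vary in how they replace the host image.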