General
Target: f5ade07e67a5a88cd01271d50f2a6ed4_JaffaCakes118
Size: 505KB
Sample: 240417-nqplssfa4z
MD5: f5ade07e67a5a88cd01271d50f2a6ed4
SHA1: 15011c885d34a35c0b09ca852e3c9bcf8509a179
SHA256: e855c5bb4634a61166fdd9b1b807998c5304cd52d0c064fcfdf0c501b0c70ac8
SHA512: 8fa01c8477c1091c376963584e1c4fd18a6978e5c4b66e33a432b4d7f542f952ebedcdb95a1b9ab60c8069ec14f90df7263921a5968911341c281a129032e2dd
SSDEEP: 12288:7hVk86CkQULOFuQaAc3DZMR6rh7OerzpW7HekhQIqfRPr:1hmBQ7c3dMR63P
Static task: static1
Behavioral task: behavioral1
Sample: f5ade07e67a5a88cd01271d50f2a6ed4_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
redline
@andomian
45.132.104.217:12780
Targets
Target: f5ade07e67a5a88cd01271d50f2a6ed4_JaffaCakes118
Size: 505KB
MD5: f5ade07e67a5a88cd01271d50f2a6ed4
SHA1: 15011c885d34a35c0b09ca852e3c9bcf8509a179
SHA256: e855c5bb4634a61166fdd9b1b807998c5304cd52d0c064fcfdf0c501b0c70ac8
SHA512: 8fa01c8477c1091c376963584e1c4fd18a6978e5c4b66e33a432b4d7f542f952ebedcdb95a1b9ab60c8069ec14f90df7263921a5968911341c281a129032e2dd
SSDEEP: 12288:7hVk86CkQULOFuQaAc3DZMR6rh7OerzpW7HekhQIqfRPr:1hmBQ7c3dMR63P
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext