General
Target: fab242df347a97973ae998ac65f81872_JaffaCakes118
Size: 336KB
Sample: 240419-txk5vahh6w
MD5: fab242df347a97973ae998ac65f81872
SHA1: 06d5698c7056d6d7a5f09b78caf68b5d16824e9b
SHA256: b6cb2602d54f14ce33ba6db255786bf42dfd3189e5128ed5c9ecd174de33ca2e
SHA512: d680c32deee51c7008df28b3349ee1e3a4d74dd9f87a348126dbb4df82c85936c4feb9d9d2612785c14bb99462c8896df533d3c6295cf8d82107c707fb939b6d
SSDEEP: 6144:PhofZoqi4FDJ1H2coVR7jLZl4vfn14Ubjxz2RHNumP/zBJ9nFqOoy:SfZon4BzQjLZl4XIFNumX39nFKy
Static task: static1
Behavioral task: behavioral1
Sample: Company profile and introduction.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: Company profile and introduction.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: redline
C2: 185.161.209.196:57754
Targets
Target: Company profile and introduction.exe
Size: 1.3MB
MD5: a7550a4fe2c9b1f4808892c0f5be4de9
SHA1: 87daa99852fd33b4cf38dd651f19fbb337a4bbf6
SHA256: 72b07629a3c3636e83a2b602fd8e1a48cfaab9e3d8a97daaf4d3a053c69cd3d0
SHA512: f1a54605c6d9719f5013c9538817e3a300d049f4b212757f864d620877ceb31e41d7d4685b729c18e0ca9f3b9eacf43d6a37e37bc12c11eb1178ab19afcc96bd
SSDEEP: 12288:6qD03+Id3hhQd1UAW4Fbbr1EXzzL9UdP+gB88naZ3Sb:6qD03
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext