General
- Target: fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118
- Size: 481KB
- Sample: 240420-m9fbssff5y
- MD5: fca0a74dc7b6dae2e5a29c2a5ce75ced
- SHA1: c974110b2e7b17e631c2291b605004df70364476
- SHA256: 41f3407655619e79a5dfe30dbec79642df7bf01f03008f4b4a0fb8e46cf836c2
- SHA512: def2d3b2a6f2de6518daa59ca1ca4290f4fa7f717235c992862c1e79743be708d8d4cf02675f824484a7c3b7ed7163a7db4b8b7fb4418339c619912a783ab672
- SSDEEP: 6144:HRbQgWntJThQ6pY/nG6J5wYRSneO3bIEz+j1yicnprN/mVQ/IxUHzXJfnqZJ88:HRcgWf6BGHbxzXjpxuQgKTXFnB8

Static task
- static1

Behavioral task
- behavioral1
  Sample: fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118.exe
  Resource: win10v2004-20240412-en

Malware Config
Extracted
- redline
- @keynejkee
- 45.132.104.3:18717

Targets
- Target: fca0a74dc7b6dae2e5a29c2a5ce75ced_JaffaCakes118
  Size: 481KB
  MD5: fca0a74dc7b6dae2e5a29c2a5ce75ced
  SHA1: c974110b2e7b17e631c2291b605004df70364476
  SHA256: 41f3407655619e79a5dfe30dbec79642df7bf01f03008f4b4a0fb8e46cf836c2
  SHA512: def2d3b2a6f2de6518daa59ca1ca4290f4fa7f717235c992862c1e79743be708d8d4cf02675f824484a7c3b7ed7163a7db4b8b7fb4418339c619912a783ab672
  SSDEEP: 6144:HRbQgWntJThQ6pY/nG6J5wYRSneO3bIEz+j1yicnprN/mVQ/IxUHzXJfnqZJ88:HRcgWf6BGHbxzXjpxuQgKTXFnB8
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext