General
-
Target
61201493419f2cfd038edd380361f70e_JaffaCakes118
-
Size
927KB
-
Sample
240520-2dhjlshg26
-
MD5
61201493419f2cfd038edd380361f70e
-
SHA1
7475880b664e50441ad678af439f374e0a7fb50c
-
SHA256
763a5e112a2cac4106ceba50be268c204883c12dad474571d0f06bfeb2db28a6
-
SHA512
0be7af416f5c0d79d9b6bbd3a4e711b13315a5f5511d028884ff24a07e82482e7e008607205a6e9a3aa1ba6702c0706e7fb4d171e7753c1107d626a68069e352
-
SSDEEP
24576:lxt7Vb7vMTCT2xDEF0RWUEF9eVMOU+eBPava8K:lDV3vMUU9g/MneBPava8K
Malware Config
Targets
-
-
Target
61201493419f2cfd038edd380361f70e_JaffaCakes118
-
Size
927KB
-
MD5
61201493419f2cfd038edd380361f70e
-
SHA1
7475880b664e50441ad678af439f374e0a7fb50c
-
SHA256
763a5e112a2cac4106ceba50be268c204883c12dad474571d0f06bfeb2db28a6
-
SHA512
0be7af416f5c0d79d9b6bbd3a4e711b13315a5f5511d028884ff24a07e82482e7e008607205a6e9a3aa1ba6702c0706e7fb4d171e7753c1107d626a68069e352
-
SSDEEP
24576:lxt7Vb7vMTCT2xDEF0RWUEF9eVMOU+eBPava8K:lDV3vMUU9g/MneBPava8K
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-