General

  • Target: 62c4757cba47a10510ec481b119ccc84_JaffaCakes118
  • Size: 527KB
  • Sample: 240521-k7h9kafh46
  • MD5: 62c4757cba47a10510ec481b119ccc84
  • SHA1: 46a1f77dd0f2dbcead72d4f3a759b5899d86c3b7
  • SHA256: e10c278cf1ecc14858bcdbdd8de5370fd45bbdd3ece54b828f1960a6d946577a
  • SHA512: 844ffa94dc9a12af7f13385d0f716e23510b75139d0bb8047e26c45f498c140c8c4c0434bcf485e016608d5d3041c783d5cd8f89cbea46d71c17eff1e1ea985e
  • SSDEEP: 6144:+Y9nWWFJ2wXj1hl1CUbzBsCteBp9uSELblS9Vq5mU:SWFJ2gTQmKp9wlS9qr

Targets

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Deletes itself
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Suspicious use of SetThreadContext
