General

Target: 62c4757cba47a10510ec481b119ccc84_JaffaCakes118
Size: 527KB
Sample: 240521-k7h9kafh46
MD5: 62c4757cba47a10510ec481b119ccc84
SHA1: 46a1f77dd0f2dbcead72d4f3a759b5899d86c3b7
SHA256: e10c278cf1ecc14858bcdbdd8de5370fd45bbdd3ece54b828f1960a6d946577a
SHA512: 844ffa94dc9a12af7f13385d0f716e23510b75139d0bb8047e26c45f498c140c8c4c0434bcf485e016608d5d3041c783d5cd8f89cbea46d71c17eff1e1ea985e
SSDEEP: 6144:+Y9nWWFJ2wXj1hl1CUbzBsCteBp9uSELblS9Vq5mU:SWFJ2gTQmKp9wlS9qr
Static task: static1

Behavioral task: behavioral1
Sample: 62c4757cba47a10510ec481b119ccc84_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 62c4757cba47a10510ec481b119ccc84_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 62c4757cba47a10510ec481b119ccc84_JaffaCakes118
Score: 10/10
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first observed in early 2020.

- RedLine payload
- Deletes itself
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system. Installers and inventory agents read the same keys, so this behaviour is context rather than a verdict on its own.
- Looks up external IP address via web service
  Uses a legitimate public IP lookup service to discover the infected system's external IP address. The request itself is ordinary HTTP traffic, so the destination host, not the protocol, is the useful indicator.
- Suspicious use of SetThreadContext
  SetThreadContext lets a process overwrite another thread's register state, including the instruction pointer. It is a core primitive of process hollowing and related injection techniques and has few legitimate uses outside debuggers, which is why the call is flagged.
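Each behaviour the sandbox reports (self-deletion, Uninstall-key enumeration, external IP lookup, SetThreadContext) is weak evidence by itself; what makes the verdict is seeing several of them from one process. The script below, an added example that is not part of this sandbox report and not the sandbox's own detection logic, runs that per-process correlation over a constructed newline-delimited JSON trace. The event schema (pid, image, event, target), the watch-list of IP-lookup hosts and the sample.exe path are assumptions chosen for the illustration.

```python
"""Correlate generic sandbox-trace events against the behaviours listed in
the report. Added example: the trace below is constructed for illustration
and is not the recorded run of the sample."""

import json
from collections import defaultdict

# Constructed trace, one JSON object per line, in an assumed generic schema:
# pid, image, event (registry_read | dns_query | file_delete | api_call), target.
SAMPLE_TRACE = r"""
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\sample.exe", "event": "api_call", "target": "SetThreadContext"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\sample.exe", "event": "registry_read", "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp\\DisplayName"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\sample.exe", "event": "dns_query", "target": "api.ipify.org"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\sample.exe", "event": "file_delete", "target": "c:\\users\\user\\desktop\\SAMPLE.EXE"}
{"pid": 5008, "image": "C:\\Windows\\System32\\msiexec.exe", "event": "registry_read", "target": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp\\InstallLocation"}
{"pid": 6200, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "event": "dns_query", "target": "ipinfo.io"}
"""

# Registry locations that hold installed-software entries (standard paths;
# casefolded so the prefix match is case-insensitive like the registry itself).
UNINSTALL_KEY_PREFIXES = tuple(p.casefold() for p in (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall",
))

# Assumed watch-list of public IP-lookup services; tune to your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}

# Win32 API and its native counterpart that rewrite a thread's registers.
THREAD_CONTEXT_APIS = {"setthreadcontext", "ntsetcontextthread"}


def parse_trace(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(ev):
    """Map one event to a behaviour label from the report, or None."""
    kind, target = ev["event"], ev["target"].casefold()
    if kind == "registry_read" and target.startswith(UNINSTALL_KEY_PREFIXES):
        return "checks_installed_software"
    if kind == "dns_query" and target in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    # Self-deletion: the deleted path is the process's own image. NTFS paths
    # are case-insensitive, so compare casefolded. (A delete issued via a
    # spawned cmd.exe would need parent/child linking, not shown here.)
    if kind == "file_delete" and target == ev["image"].casefold():
        return "deletes_itself"
    if kind == "api_call" and target in THREAD_CONTEXT_APIS:
        return "setthreadcontext"
    return None


def correlate(events):
    """Group behaviour labels per process: {pid: (image, frozenset(labels))}."""
    hits = defaultdict(set)
    images = {}
    for ev in events:
        images.setdefault(ev["pid"], ev["image"])
        label = classify(ev)
        if label:
            hits[ev["pid"]].add(label)
    return {pid: (images[pid], frozenset(labels)) for pid, labels in hits.items()}


def flag(events, min_behaviours=2):
    """Return [(pid, image, sorted labels)] for processes showing at least
    min_behaviours of the report's behaviours. One behaviour alone is weak:
    installers read Uninstall keys and browsers resolve IP-lookup hosts, so
    the correlation across behaviours is what carries the signal."""
    flagged = []
    for pid, (image, labels) in sorted(correlate(events).items()):
        if len(labels) >= min_behaviours:
            flagged.append((pid, image, sorted(labels)))
    return flagged


if __name__ == "__main__":
    for pid, image, labels in flag(parse_trace(SAMPLE_TRACE)):
        print(f"pid {pid} {image}: {', '.join(labels)}")
```

With the default threshold only the sample process is reported; msiexec.exe (one Uninstall-key read) and firefox.exe (one IP-lookup resolution) drop out, which is the point of correlating rather than alerting on any single signature.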