General
- Target: 26b43c14465533a6c8eda3fc39004f8d_JaffaCakes118
- Size: 126KB
- Sample: 240704-3w5mjawglj
- MD5: 26b43c14465533a6c8eda3fc39004f8d
- SHA1: d27ddaaaff6f3a5f7764c19b852efec86d889d62
- SHA256: 00a06fe9fdfca3e36d29757500c3ea69d1a58d6b261d31f1921c2dcc5a996f4d
- SHA512: 23fd5f0a00ba1cc6a224e2abe786abaca736b0111def833b7f938dd0f1d66ee27a9825d56d17b1239a7e5a70ff5be828e222b582a6bae1a0063240b272bfb37e
- SSDEEP: 1536:aKEYekjigc1arEZ0aO3G9m4VCj7AOz7HMWe5FhQYx1+GLEajB3K158ZCHg0RQ2Tv:W77pOzTE5FeEDzZiQQLMaZ

Static task
- static1

Behavioral task
- behavioral1
- Sample: 26b43c14465533a6c8eda3fc39004f8d_JaffaCakes118.exe
- Resource: win7-20240508-en

Behavioral task
- behavioral2
- Sample: 26b43c14465533a6c8eda3fc39004f8d_JaffaCakes118.exe
- Resource: win10v2004-20240704-en

Malware Config
Extracted
- redline
- bfvtnbtrtewrhrweg
- 94.242.224.249:12574

Targets
- Target: 26b43c14465533a6c8eda3fc39004f8d_JaffaCakes118
- Size: 126KB
- MD5: 26b43c14465533a6c8eda3fc39004f8d
- SHA1: d27ddaaaff6f3a5f7764c19b852efec86d889d62
- SHA256: 00a06fe9fdfca3e36d29757500c3ea69d1a58d6b261d31f1921c2dcc5a996f4d
- SHA512: 23fd5f0a00ba1cc6a224e2abe786abaca736b0111def833b7f938dd0f1d66ee27a9825d56d17b1239a7e5a70ff5be828e222b582a6bae1a0063240b272bfb37e
- SSDEEP: 1536:aKEYekjigc1arEZ0aO3G9m4VCj7AOz7HMWe5FhQYx1+GLEajB3K158ZCHg0RQ2Tv:W77pOzTE5FeEDzZiQQLMaZ

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext