General
-
Target
2d3a8662d710d13b49323ec9fe5df4e4_JaffaCakes118
-
Size
1.7MB
-
Sample
240708-v6q8wssgpa
-
MD5
2d3a8662d710d13b49323ec9fe5df4e4
-
SHA1
883731988932f737c68a622232b2c882dabf9aaf
-
SHA256
b1969c9764bce7b5c23b2dd156a7207fcf1ed140503ea83f54729b5fe8d0d98c
-
SHA512
e42ed534976fdc6323b0cc8e941d387e78bbe6aff4d3796c2474a2b9c5d7ecd690751ea555878a577059ae47f482aaa47a251f3cfdec54368c2821c2bc355545
-
SSDEEP
49152:id39AYYfgiZlBkianv6pNdx3ICmmzd+KCT0R95:idNAx4YGi8v6pNdVI5od+KCTM
Malware Config
Extracted
redline
@TortKlub
185.137.234.160:12158
Targets
-
-
Target
2d3a8662d710d13b49323ec9fe5df4e4_JaffaCakes118
-
Size
1.7MB
-
MD5
2d3a8662d710d13b49323ec9fe5df4e4
-
SHA1
883731988932f737c68a622232b2c882dabf9aaf
-
SHA256
b1969c9764bce7b5c23b2dd156a7207fcf1ed140503ea83f54729b5fe8d0d98c
-
SHA512
e42ed534976fdc6323b0cc8e941d387e78bbe6aff4d3796c2474a2b9c5d7ecd690751ea555878a577059ae47f482aaa47a251f3cfdec54368c2821c2bc355545
-
SSDEEP
49152:id39AYYfgiZlBkianv6pNdx3ICmmzd+KCT0R95:idNAx4YGi8v6pNdVI5od+KCTM
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-