General

Target: 57bb460a8bf8acfea0549697041eafb6_JaffaCakes118
Size: 2.3MB
Sample: 240718-rlcm8asbnq
MD5: 57bb460a8bf8acfea0549697041eafb6
SHA1: adb1379ea4a1205e98dd99ae29b938561e450d40
SHA256: 9f57d5e9bbe20d0158d6515f9bfcea72f32fc4d5de218d5444a44de0d9f54e31
SHA512: 40c1288e06925888eedb1e12a4db905402a9601663eabd9f8aac9747d5bcfc0d4bdb8555415db5c06f07719271ffbbc21caa74e930a3568fba90ce0c69726bb7
SSDEEP: 49152:x5+hFZ7+7m4f9deH2iiKyrGNG9nbbRI4YewCxiz8lVHTIioOFZQ+g:x5aFVqqMKyyNG9nYMxiqZ7g
Static task: static1

Behavioral task: behavioral1
  Sample: 57bb460a8bf8acfea0549697041eafb6_JaffaCakes118.exe
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: 57bb460a8bf8acfea0549697041eafb6_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted family: redline
Botnet: @leepsy_ns
C2: 45.132.104.217:12780
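The file hashes and the extracted C2 endpoint are the actionable indicators in this report. The following is an added triage example, not part of the sandbox output: it hashes a file buffer with the same algorithms the report lists and compares against the report's values, and it scans Zeek-style conn.log lines for connections to the extracted C2. The hashes and the 45.132.104.217:12780 endpoint are copied from the report; the conn.log lines and the file bytes fed to the functions are constructed for illustration. The SSDEEP value is left out because comparing it needs the non-standard ssdeep library.

```python
"""IOC triage helpers for the RedLine sample in this report (added example)."""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Hashes of the sample, copied from the report above.
IOC_HASHES: Dict[str, str] = {
    "md5": "57bb460a8bf8acfea0549697041eafb6",
    "sha1": "adb1379ea4a1205e98dd99ae29b938561e450d40",
    "sha256": "9f57d5e9bbe20d0158d6515f9bfcea72f32fc4d5de218d5444a44de0d9f54e31",
    "sha512": "40c1288e06925888eedb1e12a4db905402a9601663eabd9f8aac9747d5bcfc0d"
              "4bdb8555415db5c06f07719271ffbbc21caa74e930a3568fba90ce0c69726bb7",
}
# Extracted C2, copied from the report's Malware Config section.
C2_HOST = "45.132.104.217"
C2_PORT = 12780


def file_digests(data: bytes) -> Dict[str, str]:
    """Hex digests of a file buffer in every algorithm the report lists."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's hash for this sample."""
    digests = file_digests(data)
    return any(digests[name] == value for name, value in IOC_HASHES.items())


@dataclass
class Hit:
    ts: str
    orig_h: str
    resp_h: str
    resp_p: int
    confidence: str  # "high" = host and port match, "medium" = host only


# Leading columns of a default Zeek conn.log (tab separated).
ZEEK_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]


def scan_conn_log(lines: Iterable[str]) -> List[Hit]:
    """Return connections to the C2 host; port match raises confidence to "high"."""
    hits: List[Hit] = []
    for line in lines:
        if not line or line.startswith("#"):  # skip Zeek header/comment lines
            continue
        cols = line.rstrip("\n").split("\t")
        if len(cols) < len(ZEEK_FIELDS):
            continue
        rec = dict(zip(ZEEK_FIELDS, cols))
        try:
            resp_h = str(ipaddress.ip_address(rec["id.resp_h"]))  # normalises the address
            resp_p = int(rec["id.resp_p"])
        except ValueError:
            continue
        if resp_h != C2_HOST:
            continue
        confidence = "high" if resp_p == C2_PORT else "medium"
        hits.append(Hit(rec["ts"], rec["id.orig_h"], resp_h, resp_p, confidence))
    return hits


# Constructed conn.log excerpt: one C2 hit on the reported port, one benign flow,
# and one flow to the C2 host on a different port (stealer builds rotate ports).
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1721312345.123\tCabc1\t10.0.0.15\t49812\t45.132.104.217\t12780\ttcp",
    "1721312346.001\tCabc2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp",
    "1721312347.555\tCabc3\t10.0.0.22\t51000\t45.132.104.217\t443\ttcp",
]

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(f"{hit.ts} {hit.orig_h} -> {hit.resp_h}:{hit.resp_p} [{hit.confidence}]")
    print("constructed buffer matches sample:", matches_sample(b"MZ constructed, not the sample"))
```

Hash matches are exact and only catch this build; the C2 host is the more durable pivot, which is why a host-only match is still reported, at lower confidence, rather than dropped.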
Targets

Target: 57bb460a8bf8acfea0549697041eafb6_JaffaCakes118
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
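The "Checks computer location settings" signature above fires on a registry read of the configured country, which stealers commonly use to skip machines in certain regions. The code below is an added example of how such a check works; it is not code from the sample or from the sandbox. The report does not name the registry value the sample reads or the regions it avoids, so the two locations used here (the GeoID under HKCU\Control Panel\International\Geo\Nation and the LocaleName under HKCU\Control Panel\International) are the standard Windows locations for that setting and are an assumption, and the exclusion set passed to the check is a placeholder, not this sample's list.

```python
"""Registry-based geofence check (added example; key names and exclusion list are assumptions)."""
import sys
from typing import Dict, FrozenSet, Optional

# Standard per-user locale locations on Windows (assumed, not taken from the report).
GEO_KEY = r"Control Panel\International\Geo"   # value "Nation": Windows GeoID as a string
INTL_KEY = r"Control Panel\International"      # value "LocaleName": BCP-47 tag, e.g. "ru-RU"

# Partial GeoID -> ISO 3166-1 alpha-2 map; enough to demonstrate the decision path.
GEOID_TO_ISO = {244: "US", 242: "GB", 94: "DE", 84: "FR", 203: "RU", 241: "UA", 29: "BY", 137: "KZ"}


def read_registry_locale() -> Dict[str, str]:
    """Read the raw locale values from HKCU the way the sample is reported to do.

    Returns an empty dict off Windows or when the values are absent, so callers
    can see what an unknown region looks like to the geofence.
    """
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module; imported lazily so the rest runs anywhere

    values: Dict[str, str] = {}
    for key_path, value_name, out_name in (
        (GEO_KEY, "Nation", "geo_nation"),
        (INTL_KEY, "LocaleName", "locale_name"),
    ):
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
                values[out_name] = str(winreg.QueryValueEx(key, value_name)[0])
        except OSError:
            pass  # value missing: leave it out
    return values


def country_from_registry(values: Dict[str, str]) -> Optional[str]:
    """Normalise the raw registry values to an ISO country code.

    The GeoID is the explicit "Country or region" setting, so it takes precedence;
    the LocaleName's region subtag is the fallback (display language != location).
    """
    nation = values.get("geo_nation", "")
    if nation.isdigit() and int(nation) in GEOID_TO_ISO:
        return GEOID_TO_ISO[int(nation)]
    locale = values.get("locale_name", "")
    if "-" in locale:
        return locale.rsplit("-", 1)[1].upper()  # "sr-Latn-RS" -> "RS"
    return None


def geofence_allows(values: Dict[str, str], excluded: FrozenSet[str]) -> bool:
    """Decide whether the payload should run for this machine's configured region.

    An unknown region falls through to "allowed": the check fails open, which is
    why a sandbox left on a default locale still sees the full payload.
    """
    country = country_from_registry(values)
    return country not in excluded


if __name__ == "__main__":
    placeholder_exclusions = frozenset({"XX"})  # placeholder, not this sample's list
    raw = read_registry_locale()
    print("registry values:", raw or "(none: not on Windows or values absent)")
    print("country:", country_from_registry(raw))
    print("payload would run:", geofence_allows(raw, placeholder_exclusions))
```

Because the check reads the user's configured region rather than geolocating the IP, the cheapest way to confirm the signature's "likely geofence" guess is to rerun the sample with the Windows region set to a suspected excluded country and watch whether the C2 connection disappears.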