General
-
Target
5e8176d953bf804a8fc8f97c0b42329b_JaffaCakes118
-
Size
1.9MB
-
Sample
240720-bvxfzstenc
-
MD5
5e8176d953bf804a8fc8f97c0b42329b
-
SHA1
a579877186578f93ac32ab866921d3fd71a0465a
-
SHA256
e9dad06eb568f2e548e731525f9ae1e77e40449848f71e4201f6c6f4536415fe
-
SHA512
a74b578b102cc3d9545bcbfae2ef6ce8fabe17c02799a673850b2a9ba41ee241e3e1c25695491e49cbe5facea4dc3713e694864cfbd76d9c097e3808ecad4fa1
-
SSDEEP
49152:oXylc0jCliQf6NA93e5Ma0mJ1brlCJr7G6n45HQ6:8yuAMffjePf/0l4VQ6
Static task
static1
Behavioral task
behavioral1
Sample
5e8176d953bf804a8fc8f97c0b42329b_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5e8176d953bf804a8fc8f97c0b42329b_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
redline
qwertybld
135.181.170.169:36855
Targets
-
-
Target
5e8176d953bf804a8fc8f97c0b42329b_JaffaCakes118
-
Size
1.9MB
-
MD5
5e8176d953bf804a8fc8f97c0b42329b
-
SHA1
a579877186578f93ac32ab866921d3fd71a0465a
-
SHA256
e9dad06eb568f2e548e731525f9ae1e77e40449848f71e4201f6c6f4536415fe
-
SHA512
a74b578b102cc3d9545bcbfae2ef6ce8fabe17c02799a673850b2a9ba41ee241e3e1c25695491e49cbe5facea4dc3713e694864cfbd76d9c097e3808ecad4fa1
-
SSDEEP
49152:oXylc0jCliQf6NA93e5Ma0mJ1brlCJr7G6n45HQ6:8yuAMffjePf/0l4VQ6
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-