General

  • Target

    8d2f7c67059a695625fe500f9a502092_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240812-ea4w4stfkp

  • MD5

    8d2f7c67059a695625fe500f9a502092

  • SHA1

    6feed04ad1ac6a081e525b61c1051757b456f170

  • SHA256

    3724859dc08f6e3c36f2aecf9c8284ba709f2b6c831b57d5b032877c83cf119a

  • SHA512

    830fc36c77f5fdba6d4653b5b832670f54a5497bdc7b6daf20df247a5836a13acf36b2daddc3d1212add13a1981d6d9417935ff982ed6d31a01d79c79e1e1290

  • SSDEEP

    24576:n53uhFSIBX1gx2BSY54F5ZpOBu8cGSmnodrCYF0MEQdAt:n5+hFVXyHYu5LOGXmnyCYF0MEQdw

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

135.181.241.49:35200

Targets

    • Target

      8d2f7c67059a695625fe500f9a502092_JaffaCakes118


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks