General
Target: d077c2abcdd54c3b99c8e213e7ce9c37_JaffaCakes118
Size: 1.7MB
Sample: 240906-z36avsydjf
MD5: d077c2abcdd54c3b99c8e213e7ce9c37
SHA1: 5343e25e009dd981d2f0dcb8dd4c6d3d11f188ea
SHA256: 608ecfcb3922b79e06a74f47b65f3662cdfc048e35ef473debc49ff9430b7238
SHA512: 1dcaf2189fdb284639d442abfb4bb3c99ff0cd3411f188cd453added9ca6b71377232d3e4c771918b3615bcad6545e751e8373555d8e2c2cb69f6e5bf0a031d7
SSDEEP: 49152:zCxmV8TuZ7bqVPobiJbIN4kBwZc5xDNu:EmV86F4GPC+J
Static task: static1
Behavioral task: behavioral1
Sample: d077c2abcdd54c3b99c8e213e7ce9c37_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
redline
@admbx
5.188.118.163:63275
Targets
Target: d077c2abcdd54c3b99c8e213e7ce9c37_JaffaCakes118 (same file and hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext