General
Target: d9da9815606e9c73a40b222019957b7c_JaffaCakes118
Size: 1.8MB
Sample: 240911-h287payckj
MD5: d9da9815606e9c73a40b222019957b7c
SHA1: c8fd3cdd6881ea1779401e1b03e2cfa56964269d
SHA256: 12bf0a12a243f7c09cac59b9f474a18b7f542d602a6bd310a24ef21ecf7b62ad
SHA512: 6a168bd6e94ced0b56a57768c1bc256bd18e169997c83f8e123a974ae34a93e4c66a645b5d0cb4aafb4f2db27a4cf7170e04fb1b9b790dc7a912a4266cb17c51
SSDEEP: 49152:7IkYcI/frjtiaxxS7yXmSWZBl+pvo34vb3E+:OB/jJiaxxSkit33c7
Static task: static1
Behavioral task: behavioral1
  Sample: d9da9815606e9c73a40b222019957b7c_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d9da9815606e9c73a40b222019957b7c_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: redline
  @kulunchick_bot
  193.32.164.63:3172
Targets
Target: d9da9815606e9c73a40b222019957b7c_JaffaCakes118
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext