General
-
Target
00e8532313249e72acc9d045063ac68e_JaffaCakes118
-
Size
383KB
-
Sample
240930-mrjw9sveqb
-
MD5
00e8532313249e72acc9d045063ac68e
-
SHA1
e3343d11dac2c3853895bee92bcbd95d4e082a7c
-
SHA256
9cb794f9cc6ff45711cc17185a1e119b758322b0b6c496e03e61b4d8557e032e
-
SHA512
bc53d057b0950e4b53cb48292271fd1f8e2ed07ed93a707f9ca670ef7dfac07b7aa41de480d2585de3d60309cb2e2ee9c4504ef046b204566f25850c2279c4a8
-
SSDEEP
6144:ob4RCBuFV2nyzK+I6QTK5hBf8siz+IRbPzFMvYdg94hBcR+hlhHq7Y1s6FVuNtDd:dRCBS2np+wPdg9wBjnHi8wtDCgOitJhl
Static task
static1
Behavioral task
behavioral1
Sample
00e8532313249e72acc9d045063ac68e_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
redline
@DF_steal
185.213.209.36:36533
Targets
-
-
Target
00e8532313249e72acc9d045063ac68e_JaffaCakes118
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-