General
-
Target
JaffaCakes118_020db224e295b652601f34b1b5284f3ad6bdf22f
-
Size
700.0MB
-
Sample
241222-d2h82s1qhs
-
MD5
42a123d2a8c6b9bf813d4ba30c6f7339
-
SHA1
020db224e295b652601f34b1b5284f3ad6bdf22f
-
SHA256
4e5b72658b3ee150f255b726931d387e897d1e5db4f40fbd6a3181e1908671af
-
SHA512
aec4d9c6c9255ad4764a737bb38f68e525d95d38d634e286100c896683fa1bc5f3b62cdc829b6f990fb2570455a6f1c3a7c81e117499065520c24325700cccaf
-
SSDEEP
98304:Xm27HCFxPcIIqb9tIKdgEezl6nW1WIxV2UBPB3VsYT:XmHbPcIIqb9u15zl6nW1WA2rYT
Behavioral task
behavioral1
Sample
JaffaCakes118_020db224e295b652601f34b1b5284f3ad6bdf22f.exe
Resource
win7-20240903-en
Malware Config
Extracted
redline
web
62.204.41.139:25190
-
auth_value
2b0495835b75f494572b5792f0b7a9e1
Targets
-
-
Target
JaffaCakes118_020db224e295b652601f34b1b5284f3ad6bdf22f
-
Size
700.0MB
-
MD5
42a123d2a8c6b9bf813d4ba30c6f7339
-
SHA1
020db224e295b652601f34b1b5284f3ad6bdf22f
-
SHA256
4e5b72658b3ee150f255b726931d387e897d1e5db4f40fbd6a3181e1908671af
-
SHA512
aec4d9c6c9255ad4764a737bb38f68e525d95d38d634e286100c896683fa1bc5f3b62cdc829b6f990fb2570455a6f1c3a7c81e117499065520c24325700cccaf
-
SSDEEP
98304:Xm27HCFxPcIIqb9tIKdgEezl6nW1WIxV2UBPB3VsYT:XmHbPcIIqb9u15zl6nW1WA2rYT
-
Detect ZGRat V2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Zgrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-