General
-
Target
JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc
-
Size
850.0MB
-
Sample
241223-sjwhzssqgs
-
MD5
eedf2268c033279cf00fa631bd1c204b
-
SHA1
6605403929c2e1c5813e7f29a7e21c2f6f6405ad
-
SHA256
0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc
-
SHA512
d1726824e1845b47ddc64582bfb6f29dbe482686b427fe616cc9ac9d5c2108425af8808303a4ef17489e25879e2c41174589b1d9a2f5dfe3dba10f073360cb40
-
SSDEEP
98304:wE5lkJFhxG6/tIKBDBG9+svXMWRsrF2WKfFqm8X:z5lOhnWK9oIrcWK92
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
me
92.119.112.239:28769
-
auth_value
0b41ed1bdf04c7505d47398771081370
Targets
-
-
Target
JaffaCakes118_0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc
-
Size
850.0MB
-
MD5
eedf2268c033279cf00fa631bd1c204b
-
SHA1
6605403929c2e1c5813e7f29a7e21c2f6f6405ad
-
SHA256
0e7296eeb96ea9ce4a0b79742650e03799d31b4fb76da7468c7ca872e49f84bc
-
SHA512
d1726824e1845b47ddc64582bfb6f29dbe482686b427fe616cc9ac9d5c2108425af8808303a4ef17489e25879e2c41174589b1d9a2f5dfe3dba10f073360cb40
-
SSDEEP
98304:wE5lkJFhxG6/tIKBDBG9+svXMWRsrF2WKfFqm8X:z5lOhnWK9oIrcWK92
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-