General

  • Target

    JaffaCakes118_9d254fffd67484a75f0ae733b8bdaa8dace00994f7364935d75d64e1095b1a4d

  • Size

    815.4MB

  • Sample

    241223-sq2ctatjhk

  • MD5

    59aff648e8cdd4301081ba6564028cae

  • SHA1

    192f4b340bc664083ce43e781121782a5c35ab7b

  • SHA256

    9d254fffd67484a75f0ae733b8bdaa8dace00994f7364935d75d64e1095b1a4d

  • SHA512

    f5c930b119c799cf91181b0657010690fedd8b130f97a186d880e03925d1224de490894a7e3229966cf0169efab07cbdabed79e2e6f74f0953483a8d99cfa789

  • SSDEEP

    98304:ySIerLt7RdlV2WqlSOoixzj+9DXeZcl70uQkKQyr3/Msj:ySIM9XV2FlSXSX+9KZkzKQu/Msj

Malware Config

Extracted

Family

redline

Botnet

zaliv

C2

81.19.141.28:9577

Attributes

  • auth_value

    8b78b951891818ae0eee1ea3c57e77e9

Targets

    • Target

      JaffaCakes118_9d254fffd67484a75f0ae733b8bdaa8dace00994f7364935d75d64e1095b1a4d

    • Size

      815.4MB

    • MD5

      59aff648e8cdd4301081ba6564028cae

    • SHA1

      192f4b340bc664083ce43e781121782a5c35ab7b

    • SHA256

      9d254fffd67484a75f0ae733b8bdaa8dace00994f7364935d75d64e1095b1a4d

    • SHA512

      f5c930b119c799cf91181b0657010690fedd8b130f97a186d880e03925d1224de490894a7e3229966cf0169efab07cbdabed79e2e6f74f0953483a8d99cfa789

    • SSDEEP

      98304:ySIerLt7RdlV2WqlSOoixzj+9DXeZcl70uQkKQyr3/Msj:ySIM9XV2FlSXSX+9KZkzKQu/Msj

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks