General
-
Target
JaffaCakes118_c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f
-
Size
800.0MB
-
Sample
241223-x1swmsykfr
-
MD5
859bc7b08d641bd37b35884ba21fc3a3
-
SHA1
bf5877193e13cb79ddb629d93159e0a486df3f7f
-
SHA256
c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f
-
SHA512
cc9135e116165dd6226c80fdb982f2aa30317fa99b4c59c5c1060a1e833b0a41b3cf3f2d873fe8e1b72866fc50a5f09666794a2636910647061ef1e40df6720f
-
SSDEEP
1536:+iWKpPPCaSjY1WUWTD+8zoJKs7W4g1ruZ6g+UKzyjJN7rYCI+oyfBGBn3f74bcgn:hWKpP/wr0fSBzgyQ3CIekyA1
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
@NekoChan815
45.15.157.131:36457
-
auth_value
27e91af9bac7df060a7c43fed05eded6
Targets
-
-
Target
JaffaCakes118_c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f
-
Size
800.0MB
-
MD5
859bc7b08d641bd37b35884ba21fc3a3
-
SHA1
bf5877193e13cb79ddb629d93159e0a486df3f7f
-
SHA256
c5a4e7a2d7c860d9d7977a2601fc7d865aaec3bcdfc9740498211b9a12753e6f
-
SHA512
cc9135e116165dd6226c80fdb982f2aa30317fa99b4c59c5c1060a1e833b0a41b3cf3f2d873fe8e1b72866fc50a5f09666794a2636910647061ef1e40df6720f
-
SSDEEP
1536:+iWKpPPCaSjY1WUWTD+8zoJKs7W4g1ruZ6g+UKzyjJN7rYCI+oyfBGBn3f74bcgn:hWKpP/wr0fSBzgyQ3CIekyA1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Suspicious use of SetThreadContext
-