General
-
Target
JaffaCakes118_a5a83474450554b7da04587cf77f76ec
-
Size
770.0MB
-
Sample
241224-mpvwravqem
-
MD5
a5a83474450554b7da04587cf77f76ec
-
SHA1
a8a579d8a66f4875df9cbed1a2a6c3392b232853
-
SHA256
b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2
-
SHA512
db5c11cab72ccd89de9982c1dd5488e608195f795c5118f31160dab4a01c86d439ca9ddb37212647c38e0eac4d6394d3e47fe9c1e340f1f4cf95856e54624ee5
-
SSDEEP
12288:anAcUmI0cmsN0C1pXVnljw7zSrmP2LszN2lRjFoC8GJx5v:aY0mygdVlM7zSsWRSCv3R
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_a5a83474450554b7da04587cf77f76ec.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_a5a83474450554b7da04587cf77f76ec.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
word 7
65.21.74.139:20775
-
auth_value
fc283e807b7b9afa9b29c1b782aad551
Targets
-
-
Target
JaffaCakes118_a5a83474450554b7da04587cf77f76ec
-
Size
770.0MB
-
MD5
a5a83474450554b7da04587cf77f76ec
-
SHA1
a8a579d8a66f4875df9cbed1a2a6c3392b232853
-
SHA256
b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2
-
SHA512
db5c11cab72ccd89de9982c1dd5488e608195f795c5118f31160dab4a01c86d439ca9ddb37212647c38e0eac4d6394d3e47fe9c1e340f1f4cf95856e54624ee5
-
SSDEEP
12288:anAcUmI0cmsN0C1pXVnljw7zSrmP2LszN2lRjFoC8GJx5v:aY0mygdVlM7zSsWRSCv3R
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-