General
-
Target
JaffaCakes118_e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a
-
Size
734.3MB
-
Sample
241224-n2vl7axkbk
-
MD5
52df2a39819f3488060a76b5b480e7b2
-
SHA1
06aaec51456db541cd461a4f9569191c2dac9b70
-
SHA256
e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a
-
SHA512
a53753d209ccb4104700e13fd39715868b0e47bf4704ae1570b9f4e85d9d5a212f5a81d310ab7f014ae79da076ef996346f67c61961e9a41730ca538b34c629a
-
SSDEEP
1536:wS44cISk+2GlV12JrNKAC5rSW7sM/yExKGvS/VMcYzthOij0u2p9/0jAeqgDKXOV:wHMXc71CNRGmwzdguO9/QfK+yQesOO
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
5967465505_99
cocomarket.win:3306
cocomarket.win:28786
-
auth_value
2973451d1614a2e782ae153fbce2b56b
Targets
-
-
Target
JaffaCakes118_e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a
-
Size
734.3MB
-
MD5
52df2a39819f3488060a76b5b480e7b2
-
SHA1
06aaec51456db541cd461a4f9569191c2dac9b70
-
SHA256
e6ca2e40f46d8abe41eb76ba86f0a2867acbc9fbbaffc90769ced891c87e968a
-
SHA512
a53753d209ccb4104700e13fd39715868b0e47bf4704ae1570b9f4e85d9d5a212f5a81d310ab7f014ae79da076ef996346f67c61961e9a41730ca538b34c629a
-
SSDEEP
1536:wS44cISk+2GlV12JrNKAC5rSW7sM/yExKGvS/VMcYzthOij0u2p9/0jAeqgDKXOV:wHMXc71CNRGmwzdguO9/QfK+yQesOO
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Suspicious use of SetThreadContext
-