General
-
Target
JaffaCakes118_40d4f96d2d61e133fb1e5ed913519d1a
-
Size
700.0MB
-
Sample
241224-qv7paayngq
-
MD5
40d4f96d2d61e133fb1e5ed913519d1a
-
SHA1
c568b67141ad743982b06ccd1cdbb28450971c63
-
SHA256
338c709ef0a8f67f35d7482ad902486e0d2bf2eb5c4ec88822fff879ea410ca3
-
SHA512
dbca0f7032299078279580efa349758e7f305d3c3c7748b7ab8adb971e6bf12c46f12a2e1a468d542bcf701a6261d818f6e2a8b13ad005adae3cd8a1fb8ad4da
-
SSDEEP
12288:VeXSJCXJ14lkIfYr1DR40VovCp0HkFrvMMc1eGnBjL8nA5wt6:VISJCXJ142IfYVOaSHWrvIbBLq4
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_40d4f96d2d61e133fb1e5ed913519d1a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_40d4f96d2d61e133fb1e5ed913519d1a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mix2
185.215.113.98:8942
-
auth_value
0c8a87333f20ae8c0f5b594039fbada9
Targets
-
-
Target
JaffaCakes118_40d4f96d2d61e133fb1e5ed913519d1a
-
Size
700.0MB
-
MD5
40d4f96d2d61e133fb1e5ed913519d1a
-
SHA1
c568b67141ad743982b06ccd1cdbb28450971c63
-
SHA256
338c709ef0a8f67f35d7482ad902486e0d2bf2eb5c4ec88822fff879ea410ca3
-
SHA512
dbca0f7032299078279580efa349758e7f305d3c3c7748b7ab8adb971e6bf12c46f12a2e1a468d542bcf701a6261d818f6e2a8b13ad005adae3cd8a1fb8ad4da
-
SSDEEP
12288:VeXSJCXJ14lkIfYr1DR40VovCp0HkFrvMMc1eGnBjL8nA5wt6:VISJCXJ142IfYVOaSHWrvIbBLq4
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-