General
-
Target
JaffaCakes118_c3ccb3297b24ed6ff2c4ee3386d14851
-
Size
940.3MB
-
Sample
241224-qxzrfsynhr
-
MD5
c3ccb3297b24ed6ff2c4ee3386d14851
-
SHA1
a64ccaa389721fd638ce7aed9666e52d0ed75743
-
SHA256
7734bd3afeba5e442e14c2012fdc48699b80130fd0946d584e8e5e63854772fc
-
SHA512
9be1641803c59ab3cbb85b04f4fc40d8e494349af01edfc4833420a6c2fde2897b46c43cf6aa7c51155d55948a45348b28e3ec7abf93c22771f3632f2e7b4e70
-
SSDEEP
6144:CMW+SXVyLP7mjFXuxyDG4dIgBZcE/uZIxY+RucWNZTCnMBIw:9W+SXVyLP7mjExyrdIy/zmvcST+Nw
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_c3ccb3297b24ed6ff2c4ee3386d14851.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_c3ccb3297b24ed6ff2c4ee3386d14851.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
cryptexx
91.121.90.129:39821
-
auth_value
15606d7ce86d535ab6b25fc8526edeb3
Targets
-
-
Target
JaffaCakes118_c3ccb3297b24ed6ff2c4ee3386d14851
-
Size
940.3MB
-
MD5
c3ccb3297b24ed6ff2c4ee3386d14851
-
SHA1
a64ccaa389721fd638ce7aed9666e52d0ed75743
-
SHA256
7734bd3afeba5e442e14c2012fdc48699b80130fd0946d584e8e5e63854772fc
-
SHA512
9be1641803c59ab3cbb85b04f4fc40d8e494349af01edfc4833420a6c2fde2897b46c43cf6aa7c51155d55948a45348b28e3ec7abf93c22771f3632f2e7b4e70
-
SSDEEP
6144:CMW+SXVyLP7mjFXuxyDG4dIgBZcE/uZIxY+RucWNZTCnMBIw:9W+SXVyLP7mjExyrdIy/zmvcST+Nw
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-