General
Target: JaffaCakes118_c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc
Size: 746.5MB
Sample: 241224-vxfqssspby
MD5: 8328cb63b33363844539847a1bb33455
SHA1: 911db14e14b45a7fc0db7111c1e18b4a08f4ba58
SHA256: c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc
SHA512: a8582f081c69471f569ef8822145b6fcf35e8471820c080972eb05e3de02c37a36c9376ee89ebefd47be29398fe9de549fc2e9d8cec391af2720968647237c7b
SSDEEP: 49152:MOZM2g29VOD1yQpHfzivSp5vrMtyqvFhbqo4uHBlBcl:NLa1JpzivevrMty8bqozB
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
25.03
37.220.87.78:25387
auth_value: 5cfc89aee6c1fd926c66b4cb6c07caa2
Targets
Target: JaffaCakes118_c84ac5d003d64abfba712b97ea1e9d5668a457280de8ba05fb17999986ca8fdc
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext