General
-
Target
JaffaCakes118_d7cd49477ad1b8c676dc3507372ca774a69af98280db45a1c9ad0c5f0a4c309e
-
Size
700.0MB
-
Sample
241225-tn3njaxqax
-
MD5
9a2c573e882d31251e1bcd07ba90585f
-
SHA1
d46878f2ad28df08972371a617bce73ae623523c
-
SHA256
d7cd49477ad1b8c676dc3507372ca774a69af98280db45a1c9ad0c5f0a4c309e
-
SHA512
40ac3d1cca6bb8eb7ccfb0d1ae0467423b0355ee5cded84b1095a284f08cecbd70325b808df933d47a7af60081470ad71ee1021e724759227379052302ff3894
-
SSDEEP
98304:h9eCUTzzphq1G/jxZIo0YYUOJimJJQYts5JcyTcvg6BtufkCJ:PefTzVhqpP9JvgpTcvf7ufz
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_d7cd49477ad1b8c676dc3507372ca774a69af98280db45a1c9ad0c5f0a4c309e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_d7cd49477ad1b8c676dc3507372ca774a69af98280db45a1c9ad0c5f0a4c309e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
Notepad_2
194.36.177.124:39456
-
auth_value
37464cc4dd294b9925a8c1092e1c72a9
Targets
-
-
Target
JaffaCakes118_d7cd49477ad1b8c676dc3507372ca774a69af98280db45a1c9ad0c5f0a4c309e
-
Size
700.0MB
-
MD5
9a2c573e882d31251e1bcd07ba90585f
-
SHA1
d46878f2ad28df08972371a617bce73ae623523c
-
SHA256
d7cd49477ad1b8c676dc3507372ca774a69af98280db45a1c9ad0c5f0a4c309e
-
SHA512
40ac3d1cca6bb8eb7ccfb0d1ae0467423b0355ee5cded84b1095a284f08cecbd70325b808df933d47a7af60081470ad71ee1021e724759227379052302ff3894
-
SSDEEP
98304:h9eCUTzzphq1G/jxZIo0YYUOJimJJQYts5JcyTcvg6BtufkCJ:PefTzVhqpP9JvgpTcvf7ufz
-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Purecrypter family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-