Overview

overview

10

Static

static

3

JaffaCakes...49.exe

windows7-x64

10

JaffaCakes...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_10996ff279c9a31dbdea82d6a3c9dbd3e51cbd7897437c98827de00a66196049

  • Size

    687.2MB

  • Sample

    241229-gexppstqgq

  • MD5

    b7e91d713172dd2ed07e684d42a69e2a

  • SHA1

    49ffcaf6866abcf477f1736cae9d1ec57f678fad

  • SHA256

    10996ff279c9a31dbdea82d6a3c9dbd3e51cbd7897437c98827de00a66196049

  • SHA512

    ae7c1422ac13eb959f3b209061a8e67d3c1bdf530fa838c0bee889dcc53ec3e3966d59d2fabd22bcc333fadc61c4b5902ea7b232f661f08ea9182c3d9b6e39d8

  • SSDEEP

    12288:OJxEjE1RrkHDS8BULn0gufJRU4WdN4tNCoF0g:6uS8GAJUn4tzF0

Score
10/10
redlinelogsdiller cloud (bot: @logsdillabot)discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Bot: @logsdillabot)

C2

213.32.44.120:6254

Attributes
  • auth_value

    ed000008c0b59caf793b48c8ea9a7233

Targets

    • Target

      JaffaCakes118_10996ff279c9a31dbdea82d6a3c9dbd3e51cbd7897437c98827de00a66196049

    • Size

      687.2MB

    • MD5

      b7e91d713172dd2ed07e684d42a69e2a

    • SHA1

      49ffcaf6866abcf477f1736cae9d1ec57f678fad

    • SHA256

      10996ff279c9a31dbdea82d6a3c9dbd3e51cbd7897437c98827de00a66196049

    • SHA512

      ae7c1422ac13eb959f3b209061a8e67d3c1bdf530fa838c0bee889dcc53ec3e3966d59d2fabd22bcc333fadc61c4b5902ea7b232f661f08ea9182c3d9b6e39d8

    • SSDEEP

      12288:OJxEjE1RrkHDS8BULn0gufJRU4WdN4tNCoF0g:6uS8GAJUn4tzF0

    Score
    10/10
    redlinelogsdiller cloud (bot: @logsdillabot)discoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks