Extracted

• • Target

    JaffaCakes118_4ee87493bc8da621362bb0715bfb8355b9a86b046d4d81c42d4167c008bbb9f9

  • Size

    802.3MB

  • MD5

    c40ec2a14fee303cdf163ebd8506632b

  • SHA1

    cf81590424be43b418f14b7a4c3c0d22f5c1c376

  • SHA256

    4ee87493bc8da621362bb0715bfb8355b9a86b046d4d81c42d4167c008bbb9f9

  • SHA512

    e8577431f73ad0b32fdaff3d30df29fd734565638a12ae08ebc056cef91038145bc963a631f96aa738cde3868397322bfeb6f27920fc799d6a2715a38620abc5

  • SSDEEP

    196608:NmgAaWK7DGiuxwcIYuQK6g9H9lNvQ/Hb+q:NmgAaWK7DGKJYc/OHd

  Score

  10^/10

  redline@maksimus33discoveryevasioninfostealerthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2