Extracted

• • Target

    JaffaCakes118_f5e18446e95d13433bb0dc7b7965ab21cc1d884bc754424c1dcd2ea48f57f419

  • Size

    781.0MB

  • MD5

    68e781523950bf814b9f274a3894783f

  • SHA1

    627db70d427864cc598cbb0cc0642c5113260a11

  • SHA256

    f5e18446e95d13433bb0dc7b7965ab21cc1d884bc754424c1dcd2ea48f57f419

  • SHA512

    eda6b468f08f60bda2dd5bac93364a43c3ce604a0a12a8084ecdc1e01076418b035359ae440b38703cb0bc11be358d46bb6e54c208d2fe61a18d7931f49c9000

  • SSDEEP

    196608:j7z7bJtJ/GgR0tc0A9rY3mq700agl/4H0WH8:/B/3gc5VYnragl4HF

  Score

  10^/10

  redlinemediscoveryevasioninfostealerthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2