General

Target: JaffaCakes118_6872346b1b51a9e0c9442fb7d4d03969af3ce7e60c1014fab0f35d8e5ca10417
Size: 715.8MB
Sample: 241230-wzsc2ssngl
MD5: 94b94d3d540398b7a5a3336d70d50194
SHA1: ceb17e1848c814f65722b6a4a546f9cb0aedd1d4
SHA256: 6872346b1b51a9e0c9442fb7d4d03969af3ce7e60c1014fab0f35d8e5ca10417
SHA512: bc78d150768cb49dba1a84d18bec356ed7c6f997aa60dc815578a664ee76eeca643841944998b7059a1821fa1157c96201fd38461e23c0c36ae635fea6b3e5dc
SSDEEP: 1536:Frae78zjORCDGwfdCSog01313pmIs5gf6s1POTQCcdxNqHHzs9lReMbP:LahKyd2n315s5c6s12TQ1NqHHzs9veML
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_6872346b1b51a9e0c9442fb7d4d03969af3ce7e60c1014fab0f35d8e5ca10417.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: purecrypter
https://www.franceconsobanque.fr/wp-admin/images/css/design/fabric/bo/Sjbgpxzi.bmp

Extracted: redline
@gestaslinoff
45.15.157.131:36457
auth_value: 95adc00b732fc138a3ecc231c485a57a
Targets

Target: JaffaCakes118_6872346b1b51a9e0c9442fb7d4d03969af3ce7e60c1014fab0f35d8e5ca10417
Signatures

PureCrypter (Purecrypter family): PureCrypter is a .NET malware loader first seen in early 2021.
RedLine (RedLine payload; Redline family): RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE: runs an executable that was written to disk during the analysis.
Adds Run key to start application: persistence through a CurrentVersion\Run autostart value.
Suspicious use of SetThreadContext: typically seen when a loader injects its payload into another process (process hollowing).
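As an added illustration of how the location check and the Run-key persistence above show up in host telemetry (this is example code written for this page, not part of the sandbox report and not a record of what this sample did): a small Python detector run over constructed Procmon-style registry events. The registry value paths (HKCU\Control Panel\International\Geo\Nation and \Locale for the locale lookup, CurrentVersion\Run and RunOnce for persistence), the process names and the event rows are assumptions made for the example.

```python
import csv
import io
import re

# Constructed input resembling a Procmon CSV export with the columns
# "Time of Day,Process Name,PID,Operation,Path,Result,Detail".
# These rows are invented for the example; they are not events from this report.
SAMPLE_LOG = r"""Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:00:01.001,sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS,"Type: REG_SZ, Length: 8, Data: 244"
10:00:01.002,sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Locale,SUCCESS,"Type: REG_SZ, Length: 18, Data: 00000409"
10:00:01.100,sample.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS,"Type: REG_SZ, Length: 70, Data: C:\Users\user\AppData\Roaming\svc\upd.exe"
10:00:01.150,explorer.exe,1234,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 2"
10:00:02.000,sample.exe,4120,RegSetValue,HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\x,ACCESS DENIED,"Type: REG_SZ, Length: 10, Data: C:\x.exe"
"""

# Values under HKCU\Control Panel\International hold the user's locale (LCID)
# and GeoID. A loader reading them right after start is a geofence candidate.
# (Assumed for the example; the report does not name the exact value read.)
GEOFENCE_VALUES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\locale",
)

# Run / RunOnce values under CurrentVersion (HKCU or HKLM) are the autostart
# persistence the "Adds Run key to start application" signature refers to.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$",
    re.IGNORECASE,
)
DATA_RE = re.compile(r"Data: (.*)$")


def analyze(log_text):
    """Return one finding per suspicious registry event, in log order."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        path = row["Path"]
        op = row["Operation"]
        base = {"process": row["Process Name"], "pid": int(row["PID"]), "path": path}
        if op == "RegQueryValue" and path.lower().endswith(GEOFENCE_VALUES):
            findings.append({**base, "signature": "Checks computer location settings"})
        elif op == "RegSetValue" and row["Result"] == "SUCCESS" and RUN_KEY_RE.search(path):
            # Only successful writes count as persistence; the data is the
            # command line that will run at next logon.
            m = DATA_RE.search(row["Detail"])
            findings.append({**base,
                             "signature": "Adds Run key to start application",
                             "data": m.group(1) if m else ""})
    return findings


def summarize(findings):
    """Collapse findings into {process name: set of triggered signature names}."""
    summary = {}
    for f in findings:
        summary.setdefault(f["process"], set()).add(f["signature"])
    return summary


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
    print(summarize(analyze(SAMPLE_LOG)))
```

Only successful value writes are reported as persistence, so the denied RunOnce write in the constructed log is deliberately ignored; a hunt query that wants attempted persistence as well would drop the Result check. Reads of the locale values are common in benign software too, so in practice the location signature is useful as one weak signal combined with the others on this page rather than on its own.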