redline | JaffaCakes118_a2723a5ba2012bb21d7ae093b0569d3c | Triage

Sharing

General

Target

JaffaCakes118_a2723a5ba2012bb21d7ae093b0569d3c
Size

224KB
MD5

a2723a5ba2012bb21d7ae093b0569d3c
SHA1

f4fa2ac690be5c1ea4c1205b41c64f46b64450ad
SHA256

7cf83a0e4f4d869703f3cebabfe4ffd5e8e47bfca1c9d4e041566b10d90f219f
SHA512

8f934452d8c09be7d20889c643ff37dcf193dc4c6e5e68c2b2ce6c1251363cda603327f31cceb9b06eda1ba5d9076d9461c44c343772460562ce82d22380a856
SSDEEP

3072:r61ZpLFi3/zJBXIqiG4mxoYycgfEc8ePiYTjV6rNQvAqW6Yh3ry2se7A:OZe47Y9chPiYTjV6rNAAqVsyU8

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

JaffaCakes118_a2723a5ba2012bb21d7ae093b0569d3c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

51:80:d8:9c:28:0d:e3:a1:43:67:18:c3:0d:8a:86:3f
Certificate

Issuer

CN=Knotweeds,O=Houdah Cantharid Inc.,C=OY,1.2.840.113549.1.9.1=#0c187072656d6965726567756176617340676d61696c2e636f6d

Not Before

08-10-2021 21:00

Not After

15-10-2031 21:00

Subject

CN=Knotweeds,O=Houdah Cantharid Inc.,C=OY,1.2.840.113549.1.9.1=#0c187072656d6965726567756176617340676d61696c2e636f6d

90:38:71:1f:c3:34:c9:d0:3c:1c:0f:54:4b:26:e1:0e:bd:ec:73:f5
Signer

Actual PE Digest

90:38:71:1f:c3:34:c9:d0:3c:1c:0f:54:4b:26:e1:0e:bd:ec:73:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ