Analysis

max time kernel: 131s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-01-2025 07:34

Behavioral task: behavioral1
Sample: JaffaCakes118_55c464709896fb1f42ae9d11a865aef3.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_55c464709896fb1f42ae9d11a865aef3.exe
Resource: win10v2004-20241007-en

General

Target: JaffaCakes118_55c464709896fb1f42ae9d11a865aef3.exe
Size: 102KB
MD5: 55c464709896fb1f42ae9d11a865aef3
SHA1: 1a9c9d4b4b8b10342dc77de2d3360ed3976b99f5
SHA256: 6b4360e4aa5481a97ea1e95be4c65caa3689b5b791525201843a8944b90efee8
SHA512: e2c72553b6a41204d67d79f07e778a71819e68bb22fd9d6857c39f493b8e1c89f2be494bc7cde0225f8d3d55adca7befbb9cea1b5b1113fbe9e137c34d49b3d4
SSDEEP: 3072:MX5axE0H99Dw0KJHr3333b7aN2NBnp7BZrC6B:MQKJHr3333Hzu4

Malware Config

Extracted
Family: redline
Botnet: @cynematic_adm
C2: 45.137.190.237:27973
auth_value: 90a7f02f0cbc48c0c8632519fbd10c4b

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoCs)
resource: behavioral2/memory/4004-1-0x00000000006D0000-0x00000000006EE000-memory.dmp
yara_rule: family_redline

Redline family

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: JaffaCakes118_55c464709896fb1f42ae9d11a865aef3.exe