Overview

overview

10

Static

static

1

JaffaCakes...f9.exe

windows7-x64

10

JaffaCakes...f9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_86ac1786ec128539c8232ebdae87eef9

  • Size

    1.1MB

  • Sample

    250108-c5zjrszrex

  • MD5

    86ac1786ec128539c8232ebdae87eef9

  • SHA1

    8f6da9dd43d35f317332ea8906891d3df5520734

  • SHA256

    84d735d199535d1cf5c38355e3698c3855405823c8b6fc3d7e0c8d21a9b9ae91

  • SHA512

    3cc6e081014d73a95cba7e15a197af8c63a5e5a881d7b351c47054eef5c3796e019e2f9163b25f055d720b1be220a817cfa823cdf42160bd65af62af439025cd

  • SSDEEP

    24576:wDHGVCN2dNdTYf7hRGBDxlBpBU45g1LjC1gkn3RDqk:wDHqzuf7mBDVpBKjC1z3

Score
10/10
redlinediscoveryexecutioninfostealerpersistence

Malware Config

Targets

    • Target

      JaffaCakes118_86ac1786ec128539c8232ebdae87eef9

    • Size

      1.1MB

    • MD5

      86ac1786ec128539c8232ebdae87eef9

    • SHA1

      8f6da9dd43d35f317332ea8906891d3df5520734

    • SHA256

      84d735d199535d1cf5c38355e3698c3855405823c8b6fc3d7e0c8d21a9b9ae91

    • SHA512

      3cc6e081014d73a95cba7e15a197af8c63a5e5a881d7b351c47054eef5c3796e019e2f9163b25f055d720b1be220a817cfa823cdf42160bd65af62af439025cd

    • SSDEEP

      24576:wDHGVCN2dNdTYf7hRGBDxlBpBU45g1LjC1gkn3RDqk:wDHqzuf7mBDVpBKjC1z3

    Score
    10/10
    redlinediscoveryexecutioninfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks