General

  • Target

    JaffaCakes118_f32f0973ac645d486efd6b0d2ba41233

  • Size

    816KB

  • Sample

    250111-bmlphsyphm

  • MD5

    f32f0973ac645d486efd6b0d2ba41233

  • SHA1

    88c21dc32e3e3e0f7a180c73a67da1d33a607d7e

  • SHA256

    6de8ec31f54283d326c41d633361a19f8635d269f4cf24560b8a994657f6cb89

  • SHA512

    b59e81288f92e3d5114ebda96f93afb41ac286bab07736ecc3e2ba28de2979188b7014066a574e683c6fb66272bb79ec9f206a9123817793ecb62f6581507a22

  • SSDEEP

    24576:EDWHSb4NFK9999dddddddzDdrK9999dddddddzDd/Qwb12RE85eY63ke1Fdil1rG:f84NbELEY63D1Cl1rDteSgiSV

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @LZT2021

  • C2

    95.181.152.6:46927

  • Attributes

    auth_value: cdf3919a262c0d6ba99116b375d7551c

Targets

    • Target

      JaffaCakes118_f32f0973ac645d486efd6b0d2ba41233

    • Size

      816KB

    • MD5

      f32f0973ac645d486efd6b0d2ba41233

    • SHA1

      88c21dc32e3e3e0f7a180c73a67da1d33a607d7e

    • SHA256

      6de8ec31f54283d326c41d633361a19f8635d269f4cf24560b8a994657f6cb89

    • SHA512

      b59e81288f92e3d5114ebda96f93afb41ac286bab07736ecc3e2ba28de2979188b7014066a574e683c6fb66272bb79ec9f206a9123817793ecb62f6581507a22

    • SSDEEP

      24576:EDWHSb4NFK9999dddddddzDdrK9999dddddddzDd/Qwb12RE85eY63ke1Fdil1rG:f84NbELEY63D1Cl1rDteSgiSV

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks