Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/04/2024, 15:30

Behavioral task: behavioral1
Sample: e2d90156ab03ca59299b499a70cd598d_JaffaCakes118.exe
Resource: win7-20240221-en
5 signatures, 150 seconds
General
Target: e2d90156ab03ca59299b499a70cd598d_JaffaCakes118.exe
Size: 100KB
MD5: e2d90156ab03ca59299b499a70cd598d
SHA1: 39987c1bdfad0133748a95eda4bb0f6448ca2ea1
SHA256: 171c0968fc8c8eba4e8a577723b50e7b23971905c4b056262e3b31103cb3a593
SHA512: be6c765922c35620667333ad7b9a1fb1f1cc53b369cb405bd1e36b5db762591e9d04e6c595a682d79d94449b1b8afbd94ee60db2eae345be8f2010b3231011d7
SSDEEP: 1536:So6aGbaCsims9p51RS7e7qop9FF5auCw5e7gbue7vVuvNyAsdZketx5REnG6WAaE:SdxmCJp51sYF4Vge83Vulydd7NW9r
Malware Config
Extracted
Family: redline
Botnet: zalupa228
C2: 45.140.147.31:22127
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoCs)
resource: behavioral2/memory/5056-0-0x0000000000430000-0x000000000044E000-memory.dmp
yara_rule: family_redline

SectopRAT payload (1 IoCs)
resource: behavioral2/memory/5056-0-0x0000000000430000-0x000000000044E000-memory.dmp
yara_rule: family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege
pid: 5056
Process: e2d90156ab03ca59299b499a70cd598d_JaffaCakes118.exe