Analysis
max time kernel: 144s
max time network: 149s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06/04/2024, 20:59
Static task: static1
Behavioral task: behavioral1
  Sample: e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
Size: 347KB
MD5: e3452c6f812b8d9f8f97a3ce7b4ad4aa
SHA1: 17a69faa00c51b82c337a97c092e58421a03ada9
SHA256: 15cea52db77fc6411ed0cd5f248636f190e3ccdd1bb4a3138a95eb60a60ca06f
SHA512: fe0e4a14705aab3ec898ddea6f31531bef5ba3131054488cf2c3f50eed2bd58283a6209cedd3c5797bf6ac9f9a5e5c338c6feb416cd5433293bf14e71867f942
SSDEEP: 6144:LQmy92HV36RFEe5r37g7A9cQ6ovMHD3d499O8UYIezrohZwmz:v221KRFEu37kjQ6CMHzm99dIezroha+
Malware Config
Extracted (redline): 193.38.55.57:7575
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (4 IoCs)
resource                                                                    yara_rule
behavioral1/memory/2952-4-0x0000000003C90000-0x0000000003CB2000-memory.dmp  family_redline
behavioral1/memory/2952-5-0x00000000067B0000-0x00000000067F0000-memory.dmp  family_redline
behavioral1/memory/2952-8-0x0000000004010000-0x0000000004030000-memory.dmp  family_redline
behavioral1/memory/2952-9-0x00000000067B0000-0x00000000067F0000-memory.dmp  family_redline

SectopRAT payload (4 IoCs)
resource                                                                    yara_rule
behavioral1/memory/2952-4-0x0000000003C90000-0x0000000003CB2000-memory.dmp  family_sectoprat
behavioral1/memory/2952-5-0x00000000067B0000-0x00000000067F0000-memory.dmp  family_sectoprat
behavioral1/memory/2952-8-0x0000000004010000-0x0000000004030000-memory.dmp  family_sectoprat
behavioral1/memory/2952-9-0x00000000067B0000-0x00000000067F0000-memory.dmp  family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   Process
Token: SeDebugPrivilege  2952  e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe