Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 06/04/2024, 20:59
Static task: static1
Behavioral task: behavioral1
Sample: e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
Size: 347KB
MD5: e3452c6f812b8d9f8f97a3ce7b4ad4aa
SHA1: 17a69faa00c51b82c337a97c092e58421a03ada9
SHA256: 15cea52db77fc6411ed0cd5f248636f190e3ccdd1bb4a3138a95eb60a60ca06f
SHA512: fe0e4a14705aab3ec898ddea6f31531bef5ba3131054488cf2c3f50eed2bd58283a6209cedd3c5797bf6ac9f9a5e5c338c6feb416cd5433293bf14e71867f942
SSDEEP: 6144:LQmy92HV36RFEe5r37g7A9cQ6ovMHD3d499O8UYIezrohZwmz:v221KRFEu37kjQ6CMHzm99dIezroha+
Malware Config
Extracted family: redline
C2: 193.38.55.57:7575
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
resource | yara_rule
behavioral2/memory/1468-3-0x0000000004280000-0x00000000042A2000-memory.dmp | family_redline
behavioral2/memory/1468-6-0x0000000004740000-0x0000000004760000-memory.dmp | family_redline

SectopRAT payload (2 IoCs)
resource | yara_rule
behavioral2/memory/1468-3-0x0000000004280000-0x00000000042A2000-memory.dmp | family_sectoprat
behavioral2/memory/1468-6-0x0000000004740000-0x0000000004760000-memory.dmp | family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 1468 | e3452c6f812b8d9f8f97a3ce7b4ad4aa_JaffaCakes118.exe
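The two payload tables above list four rows, but they describe the same two dumped regions of pid 1468, each matched by both the RedLine and the SectopRAT rule set. When turning a report like this into notes or IoCs it helps to collapse the rows per region rather than count four independent detections. The following Python is an added example, not part of the original report or of the sandbox's own tooling; it assumes the memory-dump resource names follow the layout `<task>/memory/<pid>-<n>-<start>-<end>-memory.dmp`, which is inferred from the strings above, and the hit list is constructed from those strings.

```python
import re

# Constructed from the signature tables in the report above (not a live sandbox feed).
# Each tuple is (resource, yara_rule) exactly as the report lists them.
YARA_HITS = [
    ("behavioral2/memory/1468-3-0x0000000004280000-0x00000000042A2000-memory.dmp", "family_redline"),
    ("behavioral2/memory/1468-6-0x0000000004740000-0x0000000004760000-memory.dmp", "family_redline"),
    ("behavioral2/memory/1468-3-0x0000000004280000-0x00000000042A2000-memory.dmp", "family_sectoprat"),
    ("behavioral2/memory/1468-6-0x0000000004740000-0x0000000004760000-memory.dmp", "family_sectoprat"),
]

# Assumed dump-name layout, inferred from the resource strings above:
#   <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(resource):
    """Split a dump resource name into task, pid, seq, start, end and size.

    Returns None for names that are not memory dumps, and raises if the
    address range is inverted (a malformed name should not silently pass).
    """
    m = DUMP_RE.match(resource)
    if not m:
        return None
    start = int(m["start"], 16)
    end = int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end before start in {resource}")
    return {
        "task": m["task"],
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def group_by_region(hits):
    """Merge rows so that each dumped region lists every family rule that matched it."""
    regions = {}
    for resource, rule in hits:
        info = parse_dump_name(resource)
        if info is None:
            continue  # skip non-dump resources (e.g. file hits) rather than fail
        key = (info["pid"], info["start"], info["end"])
        entry = regions.setdefault(key, {**info, "rules": set()})
        entry["rules"].add(rule)
    return regions


def summarize(hits):
    """One line per region, sorted by pid and start address, for analyst notes."""
    lines = []
    for (pid, start, end), r in sorted(group_by_region(hits).items()):
        fams = ",".join(sorted(r["rules"]))
        lines.append(f"pid {pid} 0x{start:08X}-0x{end:08X} ({r['size']} bytes) -> {fams}")
    return lines


if __name__ == "__main__":
    for line in summarize(YARA_HITS):
        print(line)
```

Run as-is it reports two regions, 0x22000 and 0x20000 bytes, each tagged with both families. The parser is deliberately strict about the address range and deliberately lenient about non-dump resources, so the same function can be fed a whole report's signature table without choking on file-based hits.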