redline | 81a962862c3c796af1b94b1674698aa15a3c0f4abcb86e0ac23a810c4d4fc0e9

Analysis

max time kernel
148s
max time network
161s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 15:53

Target

edcb357b3189f26818f5212a07734168_JaffaCakes118.exe
Size

287KB
MD5

edcb357b3189f26818f5212a07734168
SHA1

9927c47ddfd38f9f239b5eb06590312f550c06bc
SHA256

81a962862c3c796af1b94b1674698aa15a3c0f4abcb86e0ac23a810c4d4fc0e9
SHA512

3cddb80ea596446762b468f7dd73d76a7c695d493bd85cc793884d066720e5aa7154b6ec8b922b090a823d73caae8421e0238cfdc70490b2ce9d2f5d89808b99
SSDEEP

6144:ILS4rIgP6vmln0CZiZNjO27seKOba1xvOROUSCi:IO4rnC6n0VZpHAtLOpXi

Score

10^/10

Family

redline

Botnet

UPD

193.56.146.78:54955

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2796-3-0x00000000047A0000-0x00000000047C2000-memory.dmp	family_redline
behavioral1/memory/2796-9-0x00000000047D0000-0x00000000047F0000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2796-3-0x00000000047A0000-0x00000000047C2000-memory.dmp	family_sectoprat
behavioral1/memory/2796-9-0x00000000047D0000-0x00000000047F0000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

edcb357b3189f26818f5212a07734168_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 2796 edcb357b3189f26818f5212a07734168_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	2796	edcb357b3189f26818f5212a07734168_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\edcb357b3189f26818f5212a07734168_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\edcb357b3189f26818f5212a07734168_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2796

memory/2796-1-0x0000000002D50000-0x0000000002E50000-memory.dmp

Filesize
1024KB

Download
memory/2796-2-0x00000000002B0000-0x00000000002DF000-memory.dmp

Filesize
188KB

Download
memory/2796-4-0x0000000000400000-0x0000000002CD5000-memory.dmp

Filesize
40.8MB

Download
memory/2796-3-0x00000000047A0000-0x00000000047C2000-memory.dmp

Filesize
136KB

Download
memory/2796-5-0x0000000007120000-0x0000000007160000-memory.dmp

Filesize
256KB

Download
memory/2796-6-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2796-7-0x0000000007120000-0x0000000007160000-memory.dmp

Filesize
256KB

Download
memory/2796-8-0x0000000007120000-0x0000000007160000-memory.dmp

Filesize
256KB

Download
memory/2796-9-0x00000000047D0000-0x00000000047F0000-memory.dmp

Filesize
128KB

Download
memory/2796-10-0x0000000007120000-0x0000000007160000-memory.dmp

Filesize
256KB

Download
memory/2796-12-0x0000000002D50000-0x0000000002E50000-memory.dmp

Filesize
1024KB

Download
memory/2796-13-0x0000000007120000-0x0000000007160000-memory.dmp

Filesize
256KB

Download
memory/2796-14-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2796-16-0x0000000007120000-0x0000000007160000-memory.dmp

Filesize
256KB

Download