Analysis
-
max time kernel
133s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-04-2024 07:32
General
-
Target
fc3f82c9200496428652bef9892ed46e_JaffaCakes118.exe
-
Size
98KB
-
MD5
fc3f82c9200496428652bef9892ed46e
-
SHA1
884af2a82420b07253fbddbb5081fd7812efe4b3
-
SHA256
cd2cb1220011afa6a1bfc8f5457bba94964777743247a0b374f1147c9204ed66
-
SHA512
7de2381f3e3f3faabfd122d33cf7b0a5386a95f2efe1bee87a8756d6bbf321d5e0e437135c483817ee4ec486fb9e6a0eb3f67136829f39ab4b3fe08165bcae4f
-
SSDEEP
1536:x3LNmoceatVGuo43eF5MN/JFbYmbfexvcuQUyyedQ33lqCxXsEWG6ijoiga:xxmocSHmN/J9FgcubyzdhSn1
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
pool
C2
87.120.37.152:5605
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc3f82c9200496428652bef9892ed46e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fc3f82c9200496428652bef9892ed46e_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2904-0-0x00000000001F0000-0x000000000020E000-memory.dmpFilesize
120KB
-
memory/2904-1-0x0000000074340000-0x0000000074A2E000-memory.dmpFilesize
6.9MB
-
memory/2904-2-0x0000000001DB0000-0x0000000001DF0000-memory.dmpFilesize
256KB
-
memory/2904-3-0x0000000074340000-0x0000000074A2E000-memory.dmpFilesize
6.9MB
-
memory/2904-4-0x0000000001DB0000-0x0000000001DF0000-memory.dmpFilesize
256KB