Analysis

max time kernel: 146s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-07-2024 13:39
Static task: static1

Behavioral task: behavioral1
Sample: 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General

Target: 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
Size: 1.1MB
MD5: 4e8e8fe5532dcf1718736b6e609a7347
SHA1: 866b192d3d4cfbd052e79b6d5dc34d64865a83be
SHA256: 3771061d77038be696f3f2e455b8d17098826808061207392e45b136940b6e32
SHA512: 2d3cd086f36be4b98357f480c7f460fcb038835a9985ef49915bd44f7d88c56b97d6c0e3db7379ea0ebd1c155113e3ab537e191a42ede18c4dc98aacacf1143e
SSDEEP: 24576:5HNjQUpoNkgukE36Oi547Y02SiTYIWlX8pkOjWQy3B9/zJWgNhNS0:5GUmNkgukdOi67YNsIWlWjw9/zJBS0
Malware Config

Extracted
family: redline
botnet: @hdqiwiwallet
C2: 185.209.22.181:34925
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

SectopRAT payload (1 IoC)
Processes:
resource | yara_rule
behavioral2/memory/2496-2-0x0000000000EE0000-0x000000000127C000-memory.dmp | family_sectoprat

Suspicious use of NtSetInformationThreadHideFromDebugger (16 IoCs)
Processes: 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
pid | process
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (1 IoC)
Processes: 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe
pid | process
2496 | 4e8e8fe5532dcf1718736b6e609a7347_JaffaCakes118.exe