Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
20-09-2024 20:17
Static task
static1
Behavioral task
behavioral1
Sample
ee5a09994d9f7a30c635dcb912e80e3b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ee5a09994d9f7a30c635dcb912e80e3b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
ee5a09994d9f7a30c635dcb912e80e3b_JaffaCakes118.exe
-
Size
367KB
-
MD5
ee5a09994d9f7a30c635dcb912e80e3b
-
SHA1
bd4b294077726f706f8f9bac13a2f4e539a3f35f
-
SHA256
e03fafad4f9ad1aee248fa501cab22283f8e1a22d920bf8b600a06bfedaba966
-
SHA512
b6f42d787e3e10f69a541605c63844067b77f6550795ca8af26cda1278caa9d3a29b91f84592faffd113581a2af6c3722a3bacf47bb16ab1287a3636d33351fe
-
SSDEEP
6144:Usj9FM045LE2CAL9xmGhh1leQPROhxxpeTr/ekI:p9FMn9hCqeGh5DUzxp6L
Malware Config
Extracted
redline
SewPalpadin
185.215.113.29:18087
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/2100-5-0x0000000000590000-0x00000000005B6000-memory.dmp family_redline behavioral1/memory/2100-6-0x0000000001F00000-0x0000000001F24000-memory.dmp family_redline -
SectopRAT payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/2100-5-0x0000000000590000-0x00000000005B6000-memory.dmp family_sectoprat behavioral1/memory/2100-6-0x0000000001F00000-0x0000000001F24000-memory.dmp family_sectoprat -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
ee5a09994d9f7a30c635dcb912e80e3b_JaffaCakes118.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ee5a09994d9f7a30c635dcb912e80e3b_JaffaCakes118.exe