Analysis
-
max time kernel
145s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
08-10-2024 19:30
Static task
static1
Behavioral task
behavioral1
Sample
24428735559528c2b5b1b07577deb4f2_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
24428735559528c2b5b1b07577deb4f2_JaffaCakes118.exe
-
Size
269KB
-
MD5
24428735559528c2b5b1b07577deb4f2
-
SHA1
a366dc17216649b2ce38d0de7006a66454b9d1e7
-
SHA256
86050e29270224cae856daa2147558a254e6a5bcff6724aaed9113835d40953e
-
SHA512
3e2e2c958e07f783bb23cf448b81819f54c55cc71fd0e39a793594a3cc4138a45b89a4ef38f224cefee5adffe6d651ead154d6042723ea06fb9d344ad1f5fe5e
-
SSDEEP
3072:shBX6lAPXbEN5aTQFUpJSfY/CLF2k5dxxrReX6xIzxJWtk0+:sXyOeTx0MDxrRgrxJg
Malware Config
Extracted
redline
t2
185.215.113.111:55066
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
resource yara_rule behavioral1/memory/2084-3-0x0000000004510000-0x0000000004532000-memory.dmp family_redline behavioral1/memory/2084-5-0x0000000004680000-0x00000000046A0000-memory.dmp family_redline -
SectopRAT payload 2 IoCs
resource yara_rule behavioral1/memory/2084-3-0x0000000004510000-0x0000000004532000-memory.dmp family_sectoprat behavioral1/memory/2084-5-0x0000000004680000-0x00000000046A0000-memory.dmp family_sectoprat -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 24428735559528c2b5b1b07577deb4f2_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2084 24428735559528c2b5b1b07577deb4f2_JaffaCakes118.exe