Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
08-12-2024 16:15
Behavioral task
behavioral1
Sample
d7ebc1193dae6cb66f6675590aa1c7db_JaffaCakes118.exe
Resource
win7-20240729-en
General
-
Target
d7ebc1193dae6cb66f6675590aa1c7db_JaffaCakes118.exe
-
Size
95KB
-
MD5
d7ebc1193dae6cb66f6675590aa1c7db
-
SHA1
b1b38a504ca59702357155896d09dfa3c0dd8cd9
-
SHA256
bf5cdc78078f0d5ff6dbbc70986be65ec8added8aa324a5887c9b94799b01b75
-
SHA512
acd821e750c3c39f77ad2e63cd353bd1911f6653a9180397ebcf498d38c60bd8318779c1fd0a1d43eba7323408859a738202d30fa752d46fd0b25b87ae11155f
-
SSDEEP
1536:scdIy9htWR5qV3BamzEt1EEOGb4pQ33HboyFXdUg36Kx/SEjG6aK:scWsh0L6Ramzyhx3H8yRd1Fp
Malware Config
Extracted
redline
ads7
22231jssdszs.fun:80
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral1/memory/2240-1-0x0000000000970000-0x000000000098E000-memory.dmp family_redline -
Redline family
-
SectopRAT payload 1 IoCs
resource yara_rule behavioral1/memory/2240-1-0x0000000000970000-0x000000000098E000-memory.dmp family_sectoprat -
Sectoprat family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d7ebc1193dae6cb66f6675590aa1c7db_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2240 d7ebc1193dae6cb66f6675590aa1c7db_JaffaCakes118.exe