Overview

overview

10

Static

static

3

0976438f12...18.exe

windows7-x64

10

0976438f12...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-03-2024 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0976438f123fede6f710a160e3617966_JaffaCakes118.exe

  • Size

    323KB

  • MD5

    0976438f123fede6f710a160e3617966

  • SHA1

    1f015aa4bf3133094692c741b4effdef6ade6a47

  • SHA256

    d78a626a36559da75eca7cb8e62e5e1c872633246a8ec664700dc968efc71f24

  • SHA512

    eb6941ea664a4d06754cc08eb88e15ef58e7f27ce2927841c31fd2fa9cd2aa58142c08c740e1bc8d0c0f0cf5d7d0c27547619ce20ce3d8f32e7e4306a0dc9057

  • SSDEEP

    6144:IQWIGvUMQmHaiFDod4M3vRVx98aC3oAxi1ZGpED:DWIGcmHtDodBH8n9izp

Score
10/10
redlinesectopratsewpalpinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

sewPalp

C2

185.215.113.29:24645

Attributes
  • auth_value

    41d3df6d093b1e36993abf16af0d6f2d

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0976438f123fede6f710a160e3617966_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0976438f123fede6f710a160e3617966_JaffaCakes118.exe"
    1⤵
      PID:3568
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:412

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3568-1-0x00000000005F0000-0x00000000006F0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3568-2-0x00000000005A0000-0x00000000005D0000-memory.dmp

        Filesize

        192KB

        Download

      • memory/3568-3-0x0000000000400000-0x00000000004C3000-memory.dmp

        Filesize

        780KB

        Download

      • memory/3568-4-0x0000000074BD0000-0x0000000075380000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3568-5-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3568-6-0x0000000002390000-0x00000000023B4000-memory.dmp

        Filesize

        144KB

        Download

      • memory/3568-7-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3568-8-0x0000000004C60000-0x0000000005204000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3568-9-0x0000000004B70000-0x0000000004B92000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3568-10-0x0000000005210000-0x0000000005828000-memory.dmp

        Filesize

        6.1MB

        Download

      • memory/3568-11-0x0000000004C20000-0x0000000004C32000-memory.dmp

        Filesize

        72KB

        Download

      • memory/3568-12-0x0000000005830000-0x000000000593A000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/3568-13-0x0000000000400000-0x00000000004C3000-memory.dmp

        Filesize

        780KB

        Download

      • memory/3568-14-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3568-15-0x0000000005940000-0x000000000597C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/3568-16-0x00000000059B0000-0x00000000059FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3568-17-0x00000000005F0000-0x00000000006F0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3568-18-0x00000000005A0000-0x00000000005D0000-memory.dmp

        Filesize

        192KB

        Download

      • memory/3568-20-0x0000000074BD0000-0x0000000075380000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3568-21-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3568-23-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3568-24-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3568-25-0x0000000004C50000-0x0000000004C60000-memory.dmp

        Filesize

        64KB

        Download