redline | 34e501b73a9fe6221bfb25ac8a702bc7b1306a1d3362aa2ecb5d98f91960792d

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dde9ecca47687be8a1e10593699f198_JaffaCakes118.exe
Size

426KB
MD5

2dde9ecca47687be8a1e10593699f198
SHA1

d754f95d285f7865b5bc054cdf4fb2b629019102
SHA256

34e501b73a9fe6221bfb25ac8a702bc7b1306a1d3362aa2ecb5d98f91960792d
SHA512

e2feeb188874453c6c08da79898e1c89c94114c942b6286df8da536d75e854c7335f92730a56d237c45dd5d6f259a2cd19a11a4668cada0686d7008301251770
SSDEEP

6144:IWAoJ3ws/Qf8o2M9MsMKPf9QdmBnnNoYiZ+1NUb8LMpayB8fqRyvm/hxPbB:IoMDPf9QdmBnnNoYi83UbsMphwqRymp

Score

10^/10

redline sectoprat paladin infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

paladin

37.228.129.48:29795

Attributes

auth_value
f27db372188045eefdf974196ead3dae

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5056-4-0x0000000002740000-0x0000000002776000-memory.dmp	family_redline
behavioral2/memory/5056-9-0x0000000004E70000-0x0000000004EA2000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5056-4-0x0000000002740000-0x0000000002776000-memory.dmp	family_sectoprat
behavioral2/memory/5056-6-0x0000000004EF0000-0x0000000004F00000-memory.dmp	family_sectoprat
behavioral2/memory/5056-9-0x0000000004E70000-0x0000000004EA2000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\2dde9ecca47687be8a1e10593699f198_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2dde9ecca47687be8a1e10593699f198_JaffaCakes118.exe"
1⤵
PID:5056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5056-1-0x0000000000820000-0x0000000000920000-memory.dmp

Filesize
1024KB

Download
memory/5056-2-0x00000000024D0000-0x0000000002513000-memory.dmp

Filesize
268KB

Download
memory/5056-3-0x0000000000400000-0x000000000079C000-memory.dmp

Filesize
3.6MB

Download
memory/5056-4-0x0000000002740000-0x0000000002776000-memory.dmp

Filesize
216KB

Download
memory/5056-5-0x0000000074C30000-0x00000000753E0000-memory.dmp

Filesize
7.7MB

Download
memory/5056-6-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/5056-7-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/5056-8-0x0000000004F00000-0x00000000054A4000-memory.dmp

Filesize
5.6MB

Download
memory/5056-9-0x0000000004E70000-0x0000000004EA2000-memory.dmp

Filesize
200KB

Download
memory/5056-10-0x00000000054B0000-0x0000000005AC8000-memory.dmp

Filesize
6.1MB

Download
memory/5056-11-0x0000000005B00000-0x0000000005B12000-memory.dmp

Filesize
72KB

Download
memory/5056-12-0x0000000005B20000-0x0000000005C2A000-memory.dmp

Filesize
1.0MB

Download
memory/5056-13-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/5056-14-0x0000000005C30000-0x0000000005C6C000-memory.dmp

Filesize
240KB

Download
memory/5056-15-0x0000000005CB0000-0x0000000005CFC000-memory.dmp

Filesize
304KB

Download
memory/5056-16-0x0000000000400000-0x000000000079C000-memory.dmp

Filesize
3.6MB

Download
memory/5056-17-0x0000000000820000-0x0000000000920000-memory.dmp

Filesize
1024KB

Download
memory/5056-18-0x00000000024D0000-0x0000000002513000-memory.dmp

Filesize
268KB

Download
memory/5056-19-0x0000000074C30000-0x00000000753E0000-memory.dmp

Filesize
7.7MB

Download
memory/5056-21-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/5056-22-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download