redline | 86ce453e9e344ae5899c991a34877cce81c768559807222472f86bdea79cf93f

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-03-2024 23:17

Target

60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118.exe
Size

840KB
MD5

60e2e3e3ddca82336695b757d1bc291b
SHA1

d354e37dfe4187674e2f56509626212c26cbb4cc
SHA256

86ce453e9e344ae5899c991a34877cce81c768559807222472f86bdea79cf93f
SHA512

6568023012ead7fd0b19ecc5ef450837cd1e7966b3c081e3769e25764247d3e033a1edffa9cfc28b69ab61a2588fcf9595adcd1468bdf4e8a4d4abdfa15c582a
SSDEEP

24576:0qoYx/DYG9XLUgelgfY9yd0AkFaPUnB97stYY:BpDYvjnB9QYY

Score

10^/10

Family

redline

Botnet

Proliv2

176.57.71.68:37814

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000360000-0x0000000000391000-memory.dmp	family_redline
behavioral1/memory/2076-7-0x0000000000360000-0x0000000000391000-memory.dmp	family_redline
behavioral1/memory/2076-8-0x00000000004E0000-0x0000000000502000-memory.dmp	family_redline
behavioral1/memory/2076-10-0x0000000004F50000-0x0000000004F90000-memory.dmp	family_redline
behavioral1/memory/2076-13-0x0000000000360000-0x0000000000391000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000360000-0x0000000000391000-memory.dmp	family_sectoprat
behavioral1/memory/2076-7-0x0000000000360000-0x0000000000391000-memory.dmp	family_sectoprat
behavioral1/memory/2076-8-0x00000000004E0000-0x0000000000502000-memory.dmp	family_sectoprat
behavioral1/memory/2076-10-0x0000000004F50000-0x0000000004F90000-memory.dmp	family_sectoprat
behavioral1/memory/2076-13-0x0000000000360000-0x0000000000391000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118.exe"
1⤵
PID:2076

memory/2076-0-0x0000000000360000-0x0000000000391000-memory.dmp

Filesize
196KB

Download
memory/2076-7-0x0000000000360000-0x0000000000391000-memory.dmp

Filesize
196KB

Download
memory/2076-8-0x00000000004E0000-0x0000000000502000-memory.dmp

Filesize
136KB

Download
memory/2076-9-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download
memory/2076-10-0x0000000004F50000-0x0000000004F90000-memory.dmp

Filesize
256KB

Download
memory/2076-11-0x0000000004F50000-0x0000000004F90000-memory.dmp

Filesize
256KB

Download
memory/2076-12-0x0000000000500000-0x00000000005D8000-memory.dmp

Filesize
864KB

Download
memory/2076-13-0x0000000000360000-0x0000000000391000-memory.dmp

Filesize
196KB

Download
memory/2076-14-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download