redline | 86ce453e9e344ae5899c991a34877cce81c768559807222472f86bdea79cf93f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118.exe
Size

840KB
MD5

60e2e3e3ddca82336695b757d1bc291b
SHA1

d354e37dfe4187674e2f56509626212c26cbb4cc
SHA256

86ce453e9e344ae5899c991a34877cce81c768559807222472f86bdea79cf93f
SHA512

6568023012ead7fd0b19ecc5ef450837cd1e7966b3c081e3769e25764247d3e033a1edffa9cfc28b69ab61a2588fcf9595adcd1468bdf4e8a4d4abdfa15c582a
SSDEEP

24576:0qoYx/DYG9XLUgelgfY9yd0AkFaPUnB97stYY:BpDYvjnB9QYY

Score

10^/10

redline sectoprat proliv2 infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

Proliv2

176.57.71.68:37814

Attributes

auth_value
6e134fbe11e1fba7052c029b94245b55

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3552-0-0x0000000000430000-0x0000000000461000-memory.dmp	family_redline
behavioral2/memory/3552-7-0x0000000000430000-0x0000000000461000-memory.dmp	family_redline
behavioral2/memory/3552-8-0x0000000002A50000-0x0000000002A72000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 5 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3552-0-0x0000000000430000-0x0000000000461000-memory.dmp	family_sectoprat
behavioral2/memory/3552-7-0x0000000000430000-0x0000000000461000-memory.dmp	family_sectoprat
behavioral2/memory/3552-8-0x0000000002A50000-0x0000000002A72000-memory.dmp	family_sectoprat
behavioral2/memory/3552-11-0x0000000005300000-0x0000000005310000-memory.dmp	family_sectoprat
behavioral2/memory/3552-22-0x0000000005300000-0x0000000005310000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\60e2e3e3ddca82336695b757d1bc291b_JaffaCakes118.exe"
1⤵
PID:3552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3552-0-0x0000000000430000-0x0000000000461000-memory.dmp

Filesize
196KB

Download
memory/3552-7-0x0000000000430000-0x0000000000461000-memory.dmp

Filesize
196KB

Download
memory/3552-8-0x0000000002A50000-0x0000000002A72000-memory.dmp

Filesize
136KB

Download
memory/3552-9-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/3552-10-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/3552-11-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/3552-12-0x0000000005510000-0x0000000005AB4000-memory.dmp

Filesize
5.6MB

Download
memory/3552-13-0x0000000005AE0000-0x00000000060F8000-memory.dmp

Filesize
6.1MB

Download
memory/3552-14-0x0000000006170000-0x0000000006202000-memory.dmp

Filesize
584KB

Download
memory/3552-15-0x0000000006240000-0x0000000006252000-memory.dmp

Filesize
72KB

Download
memory/3552-16-0x0000000006270000-0x000000000637A000-memory.dmp

Filesize
1.0MB

Download
memory/3552-17-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/3552-18-0x0000000007AB0000-0x0000000007AEC000-memory.dmp

Filesize
240KB

Download
memory/3552-19-0x0000000007D20000-0x0000000007D6C000-memory.dmp

Filesize
304KB

Download
memory/3552-20-0x0000000000500000-0x00000000005D8000-memory.dmp

Filesize
864KB

Download
memory/3552-21-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/3552-22-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/3552-24-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/3552-25-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download