redline | 951eee62f9678f774f46b2b452ecf66cea62a8bee377fedc9c787ec50e339170

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a07091354324b193789a6b265e5726a_JaffaCakes118.exe
Size

385KB
MD5

8a07091354324b193789a6b265e5726a
SHA1

479a91422406e05844d46e15cd021bc5eddb7af0
SHA256

951eee62f9678f774f46b2b452ecf66cea62a8bee377fedc9c787ec50e339170
SHA512

d36a72dac805195cc4f638ee156de283b18335a8ab3ff27241fef56d1bab7b08a8d55996708e82352467e8105d7671f7ddda287adc4d9fa341ce40ab4f617330
SSDEEP

6144:ZKH2svwtXlDloCce3AbGGOO3hBqjovaW9nD3ceU6HPbGMjgjn0:ZKQtXVmC1ShIjoSKnDA6HDFEn0

Score

10^/10

redline sectoprat build infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

build

77.232.40.127:8204

Attributes

auth_value
275ce2c87153d4e8e3cc276c686a93de

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5056-4-0x0000000003460000-0x0000000003484000-memory.dmp	family_redline
behavioral2/memory/5056-9-0x0000000003760000-0x0000000003782000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5056-4-0x0000000003460000-0x0000000003484000-memory.dmp	family_sectoprat
behavioral2/memory/5056-6-0x0000000005E90000-0x0000000005EA0000-memory.dmp	family_sectoprat
behavioral2/memory/5056-9-0x0000000003760000-0x0000000003782000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\8a07091354324b193789a6b265e5726a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a07091354324b193789a6b265e5726a_JaffaCakes118.exe"
1⤵
PID:5056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5056-1-0x0000000001840000-0x0000000001940000-memory.dmp

Filesize
1024KB

Download
memory/5056-2-0x0000000001760000-0x0000000001790000-memory.dmp

Filesize
192KB

Download
memory/5056-3-0x0000000000400000-0x00000000016D3000-memory.dmp

Filesize
18.8MB

Download
memory/5056-4-0x0000000003460000-0x0000000003484000-memory.dmp

Filesize
144KB

Download
memory/5056-5-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/5056-6-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/5056-8-0x0000000005EA0000-0x0000000006444000-memory.dmp

Filesize
5.6MB

Download
memory/5056-7-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/5056-9-0x0000000003760000-0x0000000003782000-memory.dmp

Filesize
136KB

Download
memory/5056-10-0x0000000006550000-0x00000000065E2000-memory.dmp

Filesize
584KB

Download
memory/5056-11-0x00000000065F0000-0x0000000006C08000-memory.dmp

Filesize
6.1MB

Download
memory/5056-12-0x0000000006C10000-0x0000000006C22000-memory.dmp

Filesize
72KB

Download
memory/5056-13-0x0000000006C40000-0x0000000006D4A000-memory.dmp

Filesize
1.0MB

Download
memory/5056-15-0x0000000006E70000-0x0000000006EAC000-memory.dmp

Filesize
240KB

Download
memory/5056-14-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/5056-16-0x0000000006FD0000-0x000000000701C000-memory.dmp

Filesize
304KB

Download
memory/5056-17-0x0000000000400000-0x00000000016D3000-memory.dmp

Filesize
18.8MB

Download
memory/5056-18-0x0000000001760000-0x0000000001790000-memory.dmp

Filesize
192KB

Download
memory/5056-19-0x0000000001840000-0x0000000001940000-memory.dmp

Filesize
1024KB

Download
memory/5056-20-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/5056-22-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/5056-23-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/5056-24-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download