Analysis
Max time kernel: 141s
Max time network: 150s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 06/04/2024, 10:10

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe
  Resource: win7-20240221-en
  4 signatures, 150 seconds
General
Target: e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe
Size: 384KB
MD5: e236a905ee0765d8a11aec7d2b3e908d
SHA1: e566cb791505d06ef16602a4f8c382d6dba2a0fd
SHA256: 705dbb05ab9e06321a184fe6e40fb97cd6582f545fe74a844094d89751bbcc2f
SHA512: ec126809a77b8a168107370beda3d4072c110d4685677ed3686ac0b25732393b385d769a89f58d4956a057aabca760fa8d790d69c9fecca657d19601fe479d29
SSDEEP: 6144:hsKPy9mw+3DUrH/x+pRNMjoHo0UGgzq/AvHm4nq5brw96sx6hpNKT1F:yTeUIpbUQo0hgO/AfTnq5IssxYvqF
Malware Config (extracted)
Family: redline
Botnet: sewPalp
C2: 185.215.113.29:24645
Attributes:
  auth_value: 41d3df6d093b1e36993abf16af0d6f2d
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
resource | yara_rule
behavioral1/memory/884-6-0x00000000032A0000-0x00000000032C4000-memory.dmp | family_redline
behavioral1/memory/884-8-0x0000000003490000-0x00000000034B2000-memory.dmp | family_redline

SectopRAT payload (2 IoCs)
resource | yara_rule
behavioral1/memory/884-6-0x00000000032A0000-0x00000000032C4000-memory.dmp | family_sectoprat
behavioral1/memory/884-8-0x0000000003490000-0x00000000034B2000-memory.dmp | family_sectoprat