Malware Analysis Report

2025-06-16 01:47

Sample ID 240406-l7m37afh61
Target e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118
SHA256 705dbb05ab9e06321a184fe6e40fb97cd6582f545fe74a844094d89751bbcc2f
Tags redline sectoprat sewpalp infostealer rat trojan
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 10/10
SHA256 705dbb05ab9e06321a184fe6e40fb97cd6582f545fe74a844094d89751bbcc2f
Threat Level: Known bad

The file e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags: redline sectoprat sewpalp infostealer rat trojan

RedLine: RedLine payload
SectopRAT: SectopRAT payload
Unsigned PE

MITRE ATT&CK: N/A

Analysis: static1

Detonation Overview

Reported 2024-04-06 10:10

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-06 10:10
Reported 2024-04-06 10:13
Platform win7-20240221-en
Max time kernel 141s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe"

Signatures

RedLine (infostealer redline)

RedLine payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

SectopRAT (trojan rat sectoprat)

SectopRAT payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe"

Network

Country  Destination           Domain  Proto
RU       185.215.113.29:24645  -       tcp
RU       185.215.113.29:24645  -       tcp
RU       185.215.113.29:24645  -       tcp
RU       185.215.113.29:24645  -       tcp
RU       185.215.113.29:24645  -       tcp
RU       185.215.113.29:24645  -       tcp

Files

memory/884-1-0x00000000002F0000-0x00000000003F0000-memory.dmp
memory/884-2-0x00000000001C0000-0x00000000001F0000-memory.dmp
memory/884-3-0x0000000000400000-0x00000000016D3000-memory.dmp
memory/884-4-0x0000000073E00000-0x00000000744EE000-memory.dmp
memory/884-5-0x00000000037F0000-0x0000000003830000-memory.dmp
memory/884-6-0x00000000032A0000-0x00000000032C4000-memory.dmp
memory/884-7-0x00000000037F0000-0x0000000003830000-memory.dmp
memory/884-8-0x0000000003490000-0x00000000034B2000-memory.dmp
memory/884-10-0x00000000002F0000-0x00000000003F0000-memory.dmp
memory/884-11-0x0000000073E00000-0x00000000744EE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-04-06 10:10
Reported 2024-04-06 10:13
Platform win10v2004-20240226-en
Max time kernel 145s
Max time network 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe"

Signatures

RedLine (infostealer redline)

RedLine payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

SectopRAT (trojan rat sectoprat)

SectopRAT payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe"

Network

Country  Destination           Domain                        Proto
US       8.8.8.8:53            149.220.183.52.in-addr.arpa   udp
US       8.8.8.8:53            249.197.17.2.in-addr.arpa     udp
US       8.8.8.8:53            74.32.126.40.in-addr.arpa     udp
RU       185.215.113.29:24645  -                             tcp
US       8.8.8.8:53            183.142.211.20.in-addr.arpa   udp
RU       185.215.113.29:24645  -                             tcp
US       8.8.8.8:53            183.59.114.20.in-addr.arpa    udp
US       8.8.8.8:53            206.23.85.13.in-addr.arpa     udp
US       8.8.8.8:53            172.210.232.199.in-addr.arpa  udp
RU       185.215.113.29:24645  -                             tcp
US       8.8.8.8:53            0.204.248.87.in-addr.arpa     udp
RU       185.215.113.29:24645  -                             tcp
US       8.8.8.8:53            22.236.111.52.in-addr.arpa    udp
RU       185.215.113.29:24645  -                             tcp
RU       185.215.113.29:24645  -                             tcp

Files

memory/3212-1-0x0000000001A70000-0x0000000001B70000-memory.dmp
memory/3212-2-0x0000000003440000-0x0000000003470000-memory.dmp
memory/3212-3-0x0000000000400000-0x00000000016D3000-memory.dmp
memory/3212-4-0x00000000035C0000-0x00000000035E4000-memory.dmp
memory/3212-5-0x0000000075190000-0x0000000075940000-memory.dmp
memory/3212-6-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-8-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-7-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-9-0x0000000005F30000-0x00000000064D4000-memory.dmp
memory/3212-10-0x0000000003890000-0x00000000038B2000-memory.dmp
memory/3212-11-0x00000000064E0000-0x0000000006AF8000-memory.dmp
memory/3212-12-0x0000000005E40000-0x0000000005E52000-memory.dmp
memory/3212-13-0x0000000006B00000-0x0000000006C0A000-memory.dmp
memory/3212-14-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-15-0x0000000005E60000-0x0000000005E9C000-memory.dmp
memory/3212-16-0x0000000005ED0000-0x0000000005F1C000-memory.dmp
memory/3212-17-0x0000000001A70000-0x0000000001B70000-memory.dmp
memory/3212-18-0x0000000000400000-0x00000000016D3000-memory.dmp
memory/3212-20-0x0000000003440000-0x0000000003470000-memory.dmp
memory/3212-21-0x0000000075190000-0x0000000075940000-memory.dmp
memory/3212-23-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-24-0x0000000005F20000-0x0000000005F30000-memory.dmp