Analysis
max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64
arch:x86
image:win7-20240221-en
locale:en-us
os:windows7-x64
system
submitted
06/04/2024, 13:34
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e2a78498d4f146153f6212ed01e698d8_JaffaCakes118.exe
Resource
win7-20240221-en
4 signatures
150 seconds
General
Target
e2a78498d4f146153f6212ed01e698d8_JaffaCakes118.exe
Size
314KB
MD5
e2a78498d4f146153f6212ed01e698d8
SHA1
2952ab0dd944f96b257857fc0b243f3f16bd7c61
SHA256
c0d9890c15842c30d526025f7678e09b216020c3dc935b0d4cfa102c7eb9ae2c
SHA512
2ae5c4b457314f81cdcd237dd4bbd202bc5f8f8dce11bf00c22a327e61bc91b142e62283cf41a295f4772c92271819deabb7e447e69a0e7191c281e31308b56b
SSDEEP
6144:K0XjUi3YmmV4YGkOSz12CfnURRRRWdvMFXe1+VXfVRSP7EsI5/:bwi3tRYG0Zxvkv1Hc9c
Malware Config
Extracted
Family
redline
Botnet
30.08
C2
185.215.113.17:48236
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload 4 IoCs
resource yara_rule
behavioral1/memory/2936-3-0x0000000003820000-0x0000000003846000-memory.dmp family_redline
behavioral1/memory/2936-5-0x0000000003C30000-0x0000000003C70000-memory.dmp family_redline
behavioral1/memory/2936-9-0x0000000003860000-0x0000000003884000-memory.dmp family_redline
behavioral1/memory/2936-16-0x0000000003C30000-0x0000000003C70000-memory.dmp family_redline
SectopRAT payload 5 IoCs
resource yara_rule
behavioral1/memory/2936-3-0x0000000003820000-0x0000000003846000-memory.dmp family_sectoprat
behavioral1/memory/2936-5-0x0000000003C30000-0x0000000003C70000-memory.dmp family_sectoprat
behavioral1/memory/2936-9-0x0000000003860000-0x0000000003884000-memory.dmp family_sectoprat
behavioral1/memory/2936-10-0x0000000003C30000-0x0000000003C70000-memory.dmp family_sectoprat
behavioral1/memory/2936-16-0x0000000003C30000-0x0000000003C70000-memory.dmp family_sectoprat
Note: both rule sets fired on the same three memory regions of process 2936 (0x3820000-0x3846000, 0x3860000-0x3884000 and 0x3C30000-0x3C70000); the SectopRAT set differs only by the extra dump index 10 on the 0x3C30000-0x3C70000 region. The extracted configuration identifies the family as redline, so the SectopRAT hits should be read as overlapping signature coverage on the same payload, not as a second implant.
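The two signature blocks above list their memory-dump hits as run-together "resource yara_rule" pairs, which makes it easy to miss that both families matched the same regions. The script below is an added example (not part of the sandbox report or its tooling) that parses those hit strings, groups them by memory region, reports which regions fired more than one family rule, and splits the extracted C2 into host and port. The input is copied from the report; the dump-name layout `<task>/memory/<pid>-<index>-<start>-<end>-memory.dmp`, and the reading of 2936 as a process id, are assumptions.

```python
import re
from collections import defaultdict

# Constructed input: the hit list copied from the "RedLine payload" and
# "SectopRAT payload" signature blocks, one "<resource> <yara_rule>" pair per line.
HITS = """
behavioral1/memory/2936-3-0x0000000003820000-0x0000000003846000-memory.dmp family_redline
behavioral1/memory/2936-5-0x0000000003C30000-0x0000000003C70000-memory.dmp family_redline
behavioral1/memory/2936-9-0x0000000003860000-0x0000000003884000-memory.dmp family_redline
behavioral1/memory/2936-16-0x0000000003C30000-0x0000000003C70000-memory.dmp family_redline
behavioral1/memory/2936-3-0x0000000003820000-0x0000000003846000-memory.dmp family_sectoprat
behavioral1/memory/2936-5-0x0000000003C30000-0x0000000003C70000-memory.dmp family_sectoprat
behavioral1/memory/2936-9-0x0000000003860000-0x0000000003884000-memory.dmp family_sectoprat
behavioral1/memory/2936-10-0x0000000003C30000-0x0000000003C70000-memory.dmp family_sectoprat
behavioral1/memory/2936-16-0x0000000003C30000-0x0000000003C70000-memory.dmp family_sectoprat
"""

# Assumed dump-name layout: <task>/memory/<pid>-<dump index>-<start>-<end>-memory.dmp
HIT_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)"
)


def parse_hits(text):
    """Turn each hit line into a record with integer pid, index, address range and rule name."""
    records = []
    for m in HIT_RE.finditer(text):
        records.append({
            "task": m["task"],
            "pid": int(m["pid"]),
            "idx": int(m["idx"]),
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "rule": m["rule"],
        })
    return records


def regions_by_rule(records):
    """Map each (start, end) memory region to the set of rules that matched on it."""
    regions = defaultdict(set)
    for r in records:
        regions[(r["start"], r["end"])].add(r["rule"])
    return dict(regions)


def shared_regions(records):
    """Regions on which more than one family rule fired, sorted by start address."""
    return sorted(region for region, rules in regions_by_rule(records).items() if len(rules) > 1)


def dump_indices_by_rule(records):
    """Map each rule to the sorted, de-duplicated dump indices it matched on."""
    idx = defaultdict(set)
    for r in records:
        idx[r["rule"]].add(r["idx"])
    return {rule: sorted(v) for rule, v in idx.items()}


def region_size(start, end):
    """Size in bytes of a dumped region."""
    return end - start


def parse_c2(c2):
    """Split a 'host:port' C2 string into (host, int port); rsplit keeps IPv6-style hosts intact."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


if __name__ == "__main__":
    recs = parse_hits(HITS)
    print("hits parsed:", len(recs))
    for rule, idxs in dump_indices_by_rule(recs).items():
        print(f"{rule}: dump indices {idxs}")
    for start, end in shared_regions(recs):
        rules = sorted(regions_by_rule(recs)[(start, end)])
        print(f"0x{start:X}-0x{end:X} ({region_size(start, end)} bytes): {', '.join(rules)}")
    host, port = parse_c2("185.215.113.17:48236")
    print("C2 host:", host, "port:", port)
```

Running it shows that every region in the report fired both family_redline and family_sectoprat, and that the only difference between the two blocks is the extra SectopRAT dump index 10 on the 0x3C30000-0x3C70000 region.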