Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 13:34

General

  • Target

    e2a78498d4f146153f6212ed01e698d8_JaffaCakes118.exe

  • Size

    314KB

  • MD5

    e2a78498d4f146153f6212ed01e698d8

  • SHA1

    2952ab0dd944f96b257857fc0b243f3f16bd7c61

  • SHA256

    c0d9890c15842c30d526025f7678e09b216020c3dc935b0d4cfa102c7eb9ae2c

  • SHA512

    2ae5c4b457314f81cdcd237dd4bbd202bc5f8f8dce11bf00c22a327e61bc91b142e62283cf41a295f4772c92271819deabb7e447e69a0e7191c281e31308b56b

  • SSDEEP

    6144:K0XjUi3YmmV4YGkOSz12CfnURRRRWdvMFXe1+VXfVRSP7EsI5/:bwi3tRYG0Zxvkv1Hc9c

Malware Config

Extracted

Family

redline

Botnet

30.08

C2

185.215.113.17:48236

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload (2 IoCs)
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

  • SectopRAT payload (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2a78498d4f146153f6212ed01e698d8_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e2a78498d4f146153f6212ed01e698d8_JaffaCakes118.exe"
    PID: 3556

          Downloads

          • memory/3556-1-0x0000000001E70000-0x0000000001F70000-memory.dmp

            Filesize

            1024KB

          • memory/3556-2-0x0000000001E30000-0x0000000001E60000-memory.dmp

            Filesize

            192KB

          • memory/3556-4-0x0000000000400000-0x0000000001D9C000-memory.dmp

            Filesize

            25.6MB

          • memory/3556-3-0x0000000003E50000-0x0000000003E76000-memory.dmp

            Filesize

            152KB

          • memory/3556-5-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB

          • memory/3556-7-0x0000000075120000-0x00000000758D0000-memory.dmp

            Filesize

            7.7MB

          • memory/3556-9-0x0000000003FF0000-0x0000000004014000-memory.dmp

            Filesize

            144KB

          • memory/3556-8-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB

          • memory/3556-6-0x00000000065C0000-0x0000000006B64000-memory.dmp

            Filesize

            5.6MB

          • memory/3556-10-0x0000000006B70000-0x0000000007188000-memory.dmp

            Filesize

            6.1MB

          • memory/3556-11-0x00000000064F0000-0x0000000006502000-memory.dmp

            Filesize

            72KB

          • memory/3556-12-0x0000000007190000-0x000000000729A000-memory.dmp

            Filesize

            1.0MB

          • memory/3556-13-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB

          • memory/3556-14-0x0000000006510000-0x000000000654C000-memory.dmp

            Filesize

            240KB

          • memory/3556-15-0x00000000072A0000-0x00000000072EC000-memory.dmp

            Filesize

            304KB

          • memory/3556-16-0x0000000000400000-0x0000000001D9C000-memory.dmp

            Filesize

            25.6MB

          • memory/3556-17-0x0000000001E30000-0x0000000001E60000-memory.dmp

            Filesize

            192KB

          • memory/3556-18-0x0000000001E70000-0x0000000001F70000-memory.dmp

            Filesize

            1024KB

          • memory/3556-20-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB

          • memory/3556-21-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB

          • memory/3556-22-0x0000000075120000-0x00000000758D0000-memory.dmp

            Filesize

            7.7MB

          • memory/3556-23-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB

          • memory/3556-24-0x00000000065B0000-0x00000000065C0000-memory.dmp

            Filesize

            64KB