General

  • Target

    f48c7817f6c96bc24d0cc5ce16828e1f_JaffaCakes118

  • Size

    136KB

  • MD5

    f48c7817f6c96bc24d0cc5ce16828e1f

  • SHA1

    92d1bcc61c0a7cc029910fe03242263bc3ce9548

  • SHA256

    81e51a252681a0dcf519d6cf9aa9c7013e0ad09f1e7a9b0087d612a7de2d3968

  • SHA512

    89cf7dacc7a05bd7549544aa067672a2a1fa95aa8c9f388b1334a3981d6bd6529b3f8314e3d715d9626dfadebf26eb80717ca6dce8478f74387441325f299b43

  • SSDEEP

    3072:2xmocnUDJX69gbucyzd8SnvmMWmku5+G:pnUF6yZy+Ygu+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    NetFramework

  • C2

    yonicathal.xyz:80

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f48c7817f6c96bc24d0cc5ce16828e1f_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
