redline | ffa49dc1dbb7c1dbd3423b82ded21fd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffa49dc1dbb7c1dbd3423b82ded21fd5_JaffaCakes118
Size

103KB
MD5

ffa49dc1dbb7c1dbd3423b82ded21fd5
SHA1

8ebeb114dbd879afbe99a9b961ff6788f99beb8d
SHA256

71088720bf288988e335d16d5c2bfbc5bcab69c665bcedb82d034b858f45e453
SHA512

13d99556d8b7597bc267e0c9de669308e1643e4eac82cb008297d2bfdd73380ee2480a51dc8af58675ed10b0392e1ed3e674137c88e94a3b936196a2c25f9bff
SSDEEP

1536:xW3LNmocO8oXzrGhu2n93+kC4JFKQmbfexvVuvUyyed2e36qCxXsECG6ijoigjt1:cxmocZR99C4JI9gVucyzdLSn0t1

Score

10^/10

@fel1x2yt redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

@fel1x2yt

137.74.76.180:52028

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

ffa49dc1dbb7c1dbd3423b82ded21fd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:6a:18:12:e0:01:36:24:69:54:11:08:97:3b:bd:52
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

16/06/2021, 00:00

Not After

16/06/2022, 23:59

Subject

CN=AMCERT\,LLC,O=AMCERT\,LLC,L=Yerevan,C=AM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:2b:4c:88:e5:41:8f:c9:38:f4:51:d6:bb:f4:e7:38:78:fb:31:01
Signer

Actual PE Digest

82:2b:4c:88:e5:41:8f:c9:38:f4:51:d6:bb:f4:e7:38:78:fb:31:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

bc:6a:18:12:e0:01:36:24:69:54:11:08:97:3b:bd:52Certificate

Extended Key Usages

Key Usages

82:2b:4c:88:e5:41:8f:c9:38:f4:51:d6:bb:f4:e7:38:78:fb:31:01Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 94KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

bc:6a:18:12:e0:01:36:24:69:54:11:08:97:3b:bd:52
Certificate

82:2b:4c:88:e5:41:8f:c9:38:f4:51:d6:bb:f4:e7:38:78:fb:31:01
Signer

.text
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B