Overview

overview

10

Static

static

3

JaffaCakes...91.exe

windows7-x64

10

JaffaCakes...91.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2025 06:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_9211ce6298b94bfb80c4c4750e5cc491.exe

  • Size

    753KB

  • MD5

    9211ce6298b94bfb80c4c4750e5cc491

  • SHA1

    d799df21b865eec50e940cd45e7ca064adb3777d

  • SHA256

    0ba0e4522c1549a6f8e436003b2456411b6c1bc5eca438cc16996587fa06000d

  • SHA512

    5f154aeb8fd175b751570bad6aac21540ba2222ad14341d7975a967975a90ed529ff4b34af0521cb771c476c623bafa2440249e4df8d9d0f22728ecb0e429c34

  • SSDEEP

    12288:rG+TR9OytDyDhgmUfOutqbq3oO1xAFUgS2aU5PYQf72MbKwHz969ImgCnKxE+TA8:rPvEmKy1i/YQfqMbKwHz96CmDnUE+cc

Score
10/10
redlinesectoprat@rrk0o discoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@rrk0o

C2

95.216.43.58:40566

Attributes
  • auth_value

    fd7f71b079c843a407d5a0e4eb4dfa03

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Redline family
    redline
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs
  • Sectoprat family
    sectoprat
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9211ce6298b94bfb80c4c4750e5cc491.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9211ce6298b94bfb80c4c4750e5cc491.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4720-0-0x0000000002690000-0x00000000026C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/4720-7-0x0000000074F0E000-0x0000000074F0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4720-8-0x0000000002AF0000-0x0000000002B12000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4720-9-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4720-10-0x00000000055F0000-0x0000000005B94000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4720-11-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4720-12-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4720-13-0x0000000005310000-0x00000000053A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4720-14-0x0000000005BA0000-0x00000000061B8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4720-15-0x0000000006240000-0x0000000006252000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4720-16-0x0000000006270000-0x000000000637A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4720-17-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4720-18-0x0000000007AC0000-0x0000000007AFC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4720-19-0x0000000007C50000-0x0000000007C9C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4720-20-0x0000000074F0E000-0x0000000074F0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4720-21-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4720-22-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4720-23-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

    Download

  • memory/4720-24-0x0000000074F00000-0x00000000756B0000-memory.dmp

    Filesize

    7.7MB

    Download