Overview

overview

10

Static

static

3

JaffaCakes...14.exe

windows7-x64

10

JaffaCakes...14.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2025 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_47502c4fbfee81ffb2cc763b2c3a7014.exe

  • Size

    832KB

  • MD5

    47502c4fbfee81ffb2cc763b2c3a7014

  • SHA1

    d26041802a760eb3c2d6504591573d186e77b2a8

  • SHA256

    a68371dab98b32a415c9a774cb972b5439a313946f06283917e05ecf83170391

  • SHA512

    7dedf8b6a4460ea7bbe0c95b0fcaa64e9c407bc7c195b80bb4ea9cc4151e1290ab23143dc2d862c6d94d5f1a2a8b7a1c562b93f5b7ee7c23144f32e1d1108a95

  • SSDEEP

    12288:3aq8GgDyMO9nXgab/b8ZuAcY0V5gmdLPdXbDmehoC16OLhTHlGNmWjP9:3aq8pGHnQafAoPUyJ6LNmi1

Score
10/10
redline@alternativshikkdiscoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

@alternativshikk

C2

5.188.118.163:80

Attributes
  • auth_value

    9bde7608ef33d6cbd8c01687cdd53196

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 4 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_47502c4fbfee81ffb2cc763b2c3a7014.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_47502c4fbfee81ffb2cc763b2c3a7014.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2756-7-0x0000000000360000-0x000000000038E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-0-0x0000000000360000-0x000000000038E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-8-0x00000000748EE000-0x00000000748EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2756-9-0x0000000000770000-0x0000000000790000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2756-10-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2756-11-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2756-12-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2756-13-0x0000000000360000-0x000000000038E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-14-0x00000000748EE000-0x00000000748EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2756-15-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2756-16-0x0000000000650000-0x0000000000727000-memory.dmp

    Filesize

    860KB

    Download