redline | 379a6a4f7be0d0e21a5e5b996ea8aeeb[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

379a6a4f7be0d0e21a5e5b996ea8aeeb.exe
Size

1.2MB
MD5

379a6a4f7be0d0e21a5e5b996ea8aeeb
SHA1

27df283dcb89ee72f304df89d3938239acc32439
SHA256

3080f7ed1cb9ec8fbf4c0cf992bd0eb9dba5f69d0342f58ebcc8943d28c77a97
SHA512

e6705fc43877d4f46052f03dbd0a17cdc5afee7b2d6eec4f944556d005a613e9b356361ad3df9cb5164925f5429109d348a4c0b90018220047f8956d9b32f4b8
SSDEEP

24576:E3J4L4PuehYxYVX8wALgMlpdftuveocvtRp4jSLSfpACb:+4L8u0pGdYfpACb

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

Processes:

resource yara_rule

sample family_redline
Redline family
redline

resource	yara_rule
sample	family_redline

Files

379a6a4f7be0d0e21a5e5b996ea8aeeb.exe
.exe windows x86

1e33718404ffbe0d91b536c10bf053f8

Code Sign

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2024 23:59

Subject

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2024 23:59

Subject

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

87:30:d4:eb:46:cf:e0:e8:7a:ea:6a:46:ad:e0:19:a7:ba:49:dc:fa:3f:7b:d9:66:f1:d8:51:70:60:28:73:14
Signer

Actual PE Digest

87:30:d4:eb:46:cf:e0:e8:7a:ea:6a:46:ad:e0:19:a7:ba:49:dc:fa:3f:7b:d9:66:f1:d8:51:70:60:28:73:14

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

17-09-2021 03:00
Valid: true

Chain 1

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

c1:67:e2:1e:3a:5d:15:47:d1:e7:e9:0a:b6:47:62:30:0b:37:45:ed
Signer

Actual PE Digest

c1:67:e2:1e:3a:5d:15:47:d1:e7:e9:0a:b6:47:62:30:0b:37:45:ed

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

17-09-2021 03:00
Valid: true

Chain 1

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_initterm
_iob
_lseeki64
_onexit
_read
_strnicmp
_write
_write
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

Sections

.text
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e33718404ffbe0d91b536c10bf053f8

Code Sign

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2fCertificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2fCertificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

87:30:d4:eb:46:cf:e0:e8:7a:ea:6a:46:ad:e0:19:a7:ba:49:dc:fa:3f:7b:d9:66:f1:d8:51:70:60:28:73:14Signer

Signature Validations

Verification

17-09-2021 03:00 Valid: true

Chain 1

Chain 2

c1:67:e2:1e:3a:5d:15:47:d1:e7:e9:0a:b6:47:62:30:0b:37:45:edSigner

Signature Validations

Verification

17-09-2021 03:00 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 763KB - Virtual size: 762KB

.data Size: 123KB - Virtual size: 122KB

.rdata Size: 68KB - Virtual size: 68KB

.eh_fram Size: 244KB - Virtual size: 243KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

87:30:d4:eb:46:cf:e0:e8:7a:ea:6a:46:ad:e0:19:a7:ba:49:dc:fa:3f:7b:d9:66:f1:d8:51:70:60:28:73:14
Signer

17-09-2021 03:00
Valid: true

c1:67:e2:1e:3a:5d:15:47:d1:e7:e9:0a:b6:47:62:30:0b:37:45:ed
Signer

17-09-2021 03:00
Valid: true

.text
Size: 763KB - Virtual size: 762KB

.data
Size: 123KB - Virtual size: 122KB

.rdata
Size: 68KB - Virtual size: 68KB

.eh_fram
Size: 244KB - Virtual size: 243KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B