redline | ac1906fa0c648d42c3e1b0c7b70b0e7c0c68888d90dc48c81b225f0932cdb258

Sharing

Copy URL Twitter E-mail

General

Target

ac1906fa0c648d42c3e1b0c7b70b0e7c0c68888d90dc48c81b225f0932cdb258
Size

112KB
MD5

952abab48bb5bf1cf5f8fc585af985c4
SHA1

bab0ddca75b73a8ccb7f24f4abb1e22d67bec7d4
SHA256

ac1906fa0c648d42c3e1b0c7b70b0e7c0c68888d90dc48c81b225f0932cdb258
SHA512

259b01ce8950e9a4f9c2f24525515e7b61e904090c8d499f40c0430b7af5ca3ef533ed5fa84899c50c0c19087409db47c2e72eb7ac2b6aa98a4eb7b43d56573b
SSDEEP

3072:hcvFBACYCpiTI/PG/bbd1HkQcJMsDUha4EASN01i04:hcveo6bdJ9cZUha4jSoJ4

Score

10^/10

paint redline

Malware Config

Extracted

Family

redline

Botnet

paint

193.233.193.0:4633

Attributes

auth_value
70b295da5ec4f38705304ce3bcd32753

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

ac1906fa0c648d42c3e1b0c7b70b0e7c0c68888d90dc48c81b225f0932cdb258
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:13:19:d2:0c:6f:1f:1a:ec:33:98:52:21:89:d9:0c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/01/2022, 00:00

Not After

30/01/2023, 23:59

Subject

CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:2f:27:cc:d4:50:6a:4b:cd:b7:7a:d7:b7:61:c9:b9:2d:e6:a6:d9
Signer

Actual PE Digest

65:2f:27:cc:d4:50:6a:4b:cd:b7:7a:d7:b7:61:c9:b9:2d:e6:a6:d9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM

29/09/2022, 18:53
Valid: true

Chain 1

CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

c8:13:19:d2:0c:6f:1f:1a:ec:33:98:52:21:89:d9:0cCertificate

Extended Key Usages

Key Usages

65:2f:27:cc:d4:50:6a:4b:cd:b7:7a:d7:b7:61:c9:b9:2d:e6:a6:d9Signer

Signature Validations

Verification

29/09/2022, 18:53 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 103KB - Virtual size: 102KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

c8:13:19:d2:0c:6f:1f:1a:ec:33:98:52:21:89:d9:0c
Certificate

65:2f:27:cc:d4:50:6a:4b:cd:b7:7a:d7:b7:61:c9:b9:2d:e6:a6:d9
Signer

29/09/2022, 18:53
Valid: true

.text
Size: 103KB - Virtual size: 102KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B