redline | 0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1
Size

1004KB
MD5

b726e7acb36c6eef97e9a9f2fef000b2
SHA1

804f59f453347613e015f4c981306c338398cfe4
SHA256

0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1
SHA512

0cf3eb1105c0a750dd4563a0707620e334ac881faf604e10ba06745f8399826b9a1e813c2d44025b9f9760a6404a5403d71062ab19ee00323eee0c85c23c4857
SSDEEP

24576:cIv5QimqIakPrYsMdX3gU22+c5c6apVuXgm:nOXUXwF2Nrg

Score

10^/10

redline sectoprat

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 998KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ