redline | build[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

build.exe
Size

95KB
MD5

225c26d38477cac0b73a9fbd30c2ac1f
SHA1

9ce2bb8345cd337e04fac972fa5cc38b467fe405
SHA256

de8792359e6fd94b6727e3e96876c978d5859bd7c5299898e7efb442fb54b285
SHA512

93e4d07d16dec47bf594ac9714dc5bab718d7fcc822f4a92b78ddf75c15a49a9827f1537626068b2dd4dd92c14a7385b88124b08342f74ef33e6d2585cac1072
SSDEEP

1536:FqsIhaqpalbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2GtmulgS6pQl:DGaKaYP+zi0ZbYe1g0ujyzdCQ

Score

10^/10

@th3evil redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

@TH3EVIL

C2

51.11.215.106:16491

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

build.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ