redline | a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6[.]zip

General

Target

a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6.zip
Size

43KB
MD5

5ac62bca8df4f486202d5e7b406b380a
SHA1

8fd65e7719e4bc4f4cb3e93a5bad5ba0134a63ae
SHA256

498461e84b5b0120a4445337a29d40b6b0d2809d1b7182a2e22920b7ad33d802
SHA512

e0ac52394820b1a3d493c2aff5cd855b0992aa2b2e739e56e4b8de3ab13fa5d5365d35c7ce9049ad8852d786abfcb367fcdd17d4201a2463c2b2877535f255aa
SSDEEP

768:4wgVHF6oeodpXw9CDwgzhhebOFi5mHazcfGCJ3bML3kGN7uUyevdbleVTQ7OmOX3:PKBeepXwQBhheCFi5WaPCJAL3lZvvdbo

Score

10^/10

Family

redline

Botnet

cheat

C2

127.0.0.1:13344

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6	family_redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6	family_sectoprat

a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6.zip
.zip

Password: infected
a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ