Behavioral task
behavioral1
Sample
a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6.exe
Resource
win7-20230220-en
General
-
Target
a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6.zip
-
Size
43KB
-
MD5
5ac62bca8df4f486202d5e7b406b380a
-
SHA1
8fd65e7719e4bc4f4cb3e93a5bad5ba0134a63ae
-
SHA256
498461e84b5b0120a4445337a29d40b6b0d2809d1b7182a2e22920b7ad33d802
-
SHA512
e0ac52394820b1a3d493c2aff5cd855b0992aa2b2e739e56e4b8de3ab13fa5d5365d35c7ce9049ad8852d786abfcb367fcdd17d4201a2463c2b2877535f255aa
-
SSDEEP
768:4wgVHF6oeodpXw9CDwgzhhebOFi5mHazcfGCJ3bML3kGN7uUyevdbleVTQ7OmOX3:PKBeepXwQBhheCFi5WaPCJAL3lZvvdbo
Malware Config
Extracted
redline
cheat
127.0.0.1:13344
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6 family_redline -
Redline family
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6 family_sectoprat -
Sectoprat family
Files
-
a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6.zip.zip
Password: infected
-
a03e438f8a51628d96e86ec31e75bdea9866d9e86c722d449835743315827ea6.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ