redline | 752c5c2f4ba6f8b7a5e8650083271044bfce5135f93c7f02ec463fe06ae04fa6[.]zip

General

Target

752c5c2f4ba6f8b7a5e8650083271044bfce5135f93c7f02ec463fe06ae04fa6.zip
Size

43KB
MD5

05d550e4dc69ba5967405170e8f3542a
SHA1

6596e3effa18ca125aae90204b2060573d2ff6bf
SHA256

e79ced8dd6daa4a88e5bb8f7ef5239bd0fe0111a98b140ea6079df8ed279d60f
SHA512

fecb6057fb3f10dca78231c53e9535ff45be6c5dd94064fcaee1fbece8ce9c174d3ed7f283ff02c15900694d934209c32df24d4f42dd7e1259681b1696610b05
SSDEEP

768:sNPtJW1M/w4AYchmg4yolx+G3kZiCT5nF43NbGKK4xjjGH5u5yAyNOs/rw8eNr:EW6/w4AYc4Cob+GMiYucKKHlAuOcs

Score

10^/10

Family

redline

Botnet

duckdns

C2

rdmanoip.duckdns.org:35361

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/752c5c2f4ba6f8b7a5e8650083271044bfce5135f93c7f02ec463fe06ae04fa6	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/752c5c2f4ba6f8b7a5e8650083271044bfce5135f93c7f02ec463fe06ae04fa6	family_sectoprat

752c5c2f4ba6f8b7a5e8650083271044bfce5135f93c7f02ec463fe06ae04fa6.zip
.zip

Password: infected
752c5c2f4ba6f8b7a5e8650083271044bfce5135f93c7f02ec463fe06ae04fa6
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ