redline | 21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3[.]zip

General

Target

21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.zip
Size

43KB
MD5

4bd77166929024baf7090da290a489cd
SHA1

4c94ba79ee4cb923e872c9918e487a1f50a1f2d8
SHA256

4d2b21d8928e3f68ce63fb97a249bfdcad9ea8286d6fd49804cdcf9dde85c429
SHA512

33743f2d974c38d227e341d8d626512bff5bf6b24ab281f07bca18d863d3ee980d6fba44b5f60a7922fefc76407b15c82d86bcdd82f27f299355d1842cbe12ce
SSDEEP

768:aKyrj4HfhN5Rxhz2JEP+7jECJQiQv1ZeUbwGvowfvN12TURKzcALtCW0mr//B4Ow:aKyrjy6uIj9bQ3eUcGvowdcSKRCW0O/G

Score

10^/10

Family

redline

Botnet

zbot

C2

0.tcp.eu.ngrok.io:15032

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3	family_redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3	family_sectoprat

21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.zip
.zip

Password: infected
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ