Behavioral task
behavioral1
Sample
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.exe
Resource
win7-20230220-en
General
-
Target
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.zip
-
Size
43KB
-
MD5
4bd77166929024baf7090da290a489cd
-
SHA1
4c94ba79ee4cb923e872c9918e487a1f50a1f2d8
-
SHA256
4d2b21d8928e3f68ce63fb97a249bfdcad9ea8286d6fd49804cdcf9dde85c429
-
SHA512
33743f2d974c38d227e341d8d626512bff5bf6b24ab281f07bca18d863d3ee980d6fba44b5f60a7922fefc76407b15c82d86bcdd82f27f299355d1842cbe12ce
-
SSDEEP
768:aKyrj4HfhN5Rxhz2JEP+7jECJQiQv1ZeUbwGvowfvN12TURKzcALtCW0mr//B4Ow:aKyrjy6uIj9bQ3eUcGvowdcSKRCW0O/G
Malware Config
Extracted
redline
zbot
0.tcp.eu.ngrok.io:15032
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3 family_redline -
Redline family
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3 family_sectoprat -
Sectoprat family
Files
-
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.zip.zip
Password: infected
-
21b7313afd5d2401a2bf46fa3a0d3440af2b45279bc0ddce93074ebb62ed42f3.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ