redline | build[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

build.exe
Size

95KB
MD5

0a62437e59df248af2eda97203611906
SHA1

b4407082f44e48389cf122e15cdbffd8f7e26619
SHA256

3fc8460a4875efb2ab36a9677d4119c6d473c829070290313dbf881bf84e86ae
SHA512

e2e95da15ad5afa28c309377288a26a73dd417c428abf10398ea4a35814fa8fbeed141100221df7097406610bbe445a932b40a4179ff3ed87f64c395afe0dddb
SSDEEP

1536:Fqs+haqpalbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2UtmulgS6pQl:DcaKaYP+zi0ZbYe1g0ujyzdYQ

Score

10^/10

mrpenguin redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

MrPenguin

C2

86.38.225.74:16808

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

build.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ