bdredline[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

bdredline.exe
Size

1.3MB
MD5

43bb13392945dc4a3155a327bbd490c4
SHA1

42ba7edc0647bec0b174f26430bb54991c2f484e
SHA256

d178ec73f1227d48e809a125c25349debd5b497cfb5409f614d9a4d501aad974
SHA512

c256f5515cb2f19eef3d27039fdc058fd92e9712def27ab7cd1d3d304928cd6812b87787f0a41bb984387719e5a9af01581d6b3275d76ecaaf59569d18e5d6d5
SSDEEP

24576:amWVWO1+AKn1/zQX8xPNYVVdvYCHLI81xV7AyU5Z:aHVizQXKPNUxRrIyxV7FUD

Score

1^/10

Malware Config

Signatures

Files

bdredline.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Program Files/Bitdefender Agent/redline/bdredline.exe
.exe windows x86

Password: S@ndb0x!2023@@

5f0d78d2d0a371b800b0bebb3454bda0

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:95:9f:e7:c3:8f:87:51:bc:99:fc:a2:be:9d:fb:e7
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-11-2020 00:00

Not After

29-11-2023 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5d:e2:c7:af:11:69:4f:b9:3e:8f:05:3d:a6:e9:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-12-2020 00:00

Not After

29-11-2023 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP CLINSTALLER,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:49:2a:3c:52:53:4f:6d:cc:7f:02:33:05:9e:98:61:ab:e3:3d:3d:03:e5:f3:e2:a2:de:e7:c0:3f:5b:b9:7d
Signer

Actual PE Digest

44:49:2a:3c:52:53:4f:6d:cc:7f:02:33:05:9e:98:61:ab:e3:3d:3d:03:e5:f3:e2:a2:de:e7:c0:3f:5b:b9:7d

Digest Algorithm

sha256

PE Digest Matches

true

bf:08:76:fa:67:c3:e2:7c:e1:af:2b:6a:cd:c5:42:67:51:03:b2:6a
Signer

Actual PE Digest

bf:08:76:fa:67:c3:e2:7c:e1:af:2b:6a:cd:c5:42:67:51:03:b2:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

ws2_32

closesocket
WSASocketW
bind
connect
freeaddrinfo
getaddrinfo
htonl
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError
socket
ntohs
htons
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAIoctl
setsockopt
send
recv
getsockopt
getpeername
getsockname
accept
listen
ioctlsocket

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
CertFindCertificateInStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
PFXImportCertStore
CertOpenStore
CertCloseStore
CertGetEnhancedKeyUsage
CryptStringToBinaryA
CertDuplicateCertificateContext
CertFreeCertificateContext

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
RegisterServiceCtrlHandlerExW
CryptReleaseContext
CryptAcquireContextA
StartServiceCtrlDispatcherW
SetServiceStatus

bcrypt

BCryptGenRandom

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
GetFileType
GetDriveTypeW
PeekNamedPipe
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetUnhandledExceptionFilter
GetFileAttributesExW
SetStdHandle
SetEndOfFile
DecodePointer
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
VirtualProtect
UnhandledExceptionFilter
ReadConsoleW
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryW
GetLastError
GetProcAddress
TlsGetValue
TlsSetValue
GetModuleHandleW
SetHandleInformation
GetCurrentProcessId
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
GetModuleFileNameW
SetErrorMode
SetThreadErrorMode
GetSystemInfo
CreateFileMappingW
MapViewOfFile
HeapSize
UnmapViewOfFile
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
CreateMutexA
InitializeCriticalSection
FreeEnvironmentStringsW
ReleaseSRWLockShared
CompareStringOrdinal
SwitchToThread
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
WriteFile
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
CreateEventW
WaitForMultipleObjects
GetOverlappedResult
TryEnterCriticalSection
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
DeviceIoControl
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
CancelIo
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
CreateNamedPipeW
CreateThread
WriteConsoleW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

5f0d78d2d0a371b800b0bebb3454bda0

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

09:95:9f:e7:c3:8f:87:51:bc:99:fc:a2:be:9d:fb:e7Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:5d:e2:c7:af:11:69:4f:b9:3e:8f:05:3d:a6:e9:19Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

44:49:2a:3c:52:53:4f:6d:cc:7f:02:33:05:9e:98:61:ab:e3:3d:3d:03:e5:f3:e2:a2:de:e7:c0:3f:5b:b9:7dSigner

bf:08:76:fa:67:c3:e2:7c:e1:af:2b:6a:cd:c5:42:67:51:03:b2:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

ws2_32

crypt32

advapi32

bcrypt

kernel32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 682KB - Virtual size: 681KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 167KB - Virtual size: 167KB

.reloc Size: 57KB - Virtual size: 57KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

09:95:9f:e7:c3:8f:87:51:bc:99:fc:a2:be:9d:fb:e7
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:5d:e2:c7:af:11:69:4f:b9:3e:8f:05:3d:a6:e9:19
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

44:49:2a:3c:52:53:4f:6d:cc:7f:02:33:05:9e:98:61:ab:e3:3d:3d:03:e5:f3:e2:a2:de:e7:c0:3f:5b:b9:7d
Signer

bf:08:76:fa:67:c3:e2:7c:e1:af:2b:6a:cd:c5:42:67:51:03:b2:6a
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 682KB - Virtual size: 681KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 167KB - Virtual size: 167KB

.reloc
Size: 57KB - Virtual size: 57KB