General

  • Target

    3d3801f8399c6bfdb21aa43fa13858b2.bin

  • Size

    43KB

  • MD5

    2be78937665512625c382835c329fc80

  • SHA1

    56c01fabfaa365b2f3e1f55ffe9026a236c30adf

  • SHA256

    253133434288685fde6b7a4223c538cdba47efa5b2abaa4069b53e35a2f0b22a

  • SHA512

    a4215b222b11b2dbf32821fce8a73045a29a5ee9c3d3671de8fa5aa3b62d3441fe8120442df53857b53ba3d472e4905bf8141e7bf215a29e5547b9dadb568d6e

  • SSDEEP

    768:1FuCG3FjVVKFFZ2t/U9LY8O1XEsOtDAogFaLeDAp/VBS7ZQ:Oj3hVO2t/0CXEsOVA6eDO/jwC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Invoice

  • C2

    147.124.213.118:50826

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3d3801f8399c6bfdb21aa43fa13858b2.bin
    .zip

    Password: infected

  • 0666711e9a77267cfc9aade6b6cbb75382c2730adc6add471dfbfaf34cf79c9f.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
