redline | 2c77741956f55dbfcdd0de40c0b14d11

Sharing

Copy URL

Twitter E-mail

General

Target

2c77741956f55dbfcdd0de40c0b14d11
Size

113KB
MD5

2c77741956f55dbfcdd0de40c0b14d11
SHA1

5d84e5ef316e5735faa58666b4ef0c25029417db
SHA256

d86fecc812e909fdf8767e61df717b3304a9f7f588b2ba59658bc23a2a92d909
SHA512

c60deee5ec6cbd7ef6c3c08f7a136369cf11a86c8a82a04f622b2af62d734327c580ce976075099b03f65767fa66f688411503cb1bf350c6332eabc60e870b40
SSDEEP

1536:1D0db8MHktK1jIoJ4tRk8lHi3bMuk68gkvyTFdBnQGDLzGEdZ4B:1QdpEtwoRk8pir38g0ypnQInBT4B

Score

10^/10

@dungeonnmaster1 (1629196750) [ставка]redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

@DungeonnMaster1 (1629196750) [Ставка]

only-films.site:63256

Attributes

auth_value
e223f0c9b5fad3dfeb82dae41dbf724c

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

2c77741956f55dbfcdd0de40c0b14d11
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:ef:cb:a8:d8:8a:dd:a5:4e:c9:19:23:02:23:15:9e
Certificate

Issuer

CN=Carrageens,O=Airwaves Pigtail Inc.,C=OA,1.2.840.113549.1.9.1=#0c1a756e7061737361626c6564656775737440676d61696c2e636f6d

Not Before

26/09/2021, 21:00

Not After

03/10/2031, 21:00

Subject

CN=Carrageens,O=Airwaves Pigtail Inc.,C=OA,1.2.840.113549.1.9.1=#0c1a756e7061737361626c6564656775737440676d61696c2e636f6d

a7:3c:54:04:87:b1:f0:cd:f1:ba:6b:41:5f:e5:94:f3:30:c8:3d:15
Signer

Actual PE Digest

a7:3c:54:04:87:b1:f0:cd:f1:ba:6b:41:5f:e5:94:f3:30:c8:3d:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:ef:cb:a8:d8:8a:dd:a5:4e:c9:19:23:02:23:15:9eCertificate

a7:3c:54:04:87:b1:f0:cd:f1:ba:6b:41:5f:e5:94:f3:30:c8:3d:15Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 107KB - Virtual size: 106KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

33:ef:cb:a8:d8:8a:dd:a5:4e:c9:19:23:02:23:15:9e
Certificate

a7:3c:54:04:87:b1:f0:cd:f1:ba:6b:41:5f:e5:94:f3:30:c8:3d:15
Signer

.text
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B