redline | 3c12c6d2205affa1a9ba0c0317979eba

Sharing

Copy URL Twitter E-mail

General

Target

3c12c6d2205affa1a9ba0c0317979eba
Size

113KB
MD5

3c12c6d2205affa1a9ba0c0317979eba
SHA1

bd54f2e1c243ff15ef06bcb1985d523bcbd209a9
SHA256

f41223b9f58f56e678c14d04ed22c0a33dc5eaf3a24d934890fca900262790d8
SHA512

fcaf98a40fe180ab94e470d5a21957fd118fe2a8f9f5830b2ac58ebd35b95f474363aff5805a146a420ead7ec5042ae69e94d0049b96991500964551a63cae1e
SSDEEP

1536:jx2PdbD0CPRBsCejJZWG4XTyPKlSJvtbMuL64gFOyTFtsE2YPrzGEmZwcD:jxUd/jPRBsCkOuPKW9S4gYypEuHBAwcD

Score

10^/10

@masyana_lzt redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

@masyana_LZT

138.124.186.121:45760

Attributes

auth_value
9b509f3ca2ec2a739920d789362e5ac4

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

3c12c6d2205affa1a9ba0c0317979eba
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

56:0a:44:49:5e:63:a6:b5:47:86:70:f1:6f:ed:38:7b
Certificate

Issuer

CN=Firing,O=Bammed Dyspneic Inc.,C=JO,1.2.840.113549.1.9.1=#0c1b63696e6e616d6f6e736d617a6172696e6540676d61696c2e636f6d

Not Before

29/09/2021, 21:00

Not After

06/10/2031, 21:00

Subject

CN=Firing,O=Bammed Dyspneic Inc.,C=JO,1.2.840.113549.1.9.1=#0c1b63696e6e616d6f6e736d617a6172696e6540676d61696c2e636f6d

33:57:0a:9f:1d:ed:67:c2:e0:29:53:ed:75:83:ab:48:c6:7d:5b:c5
Signer

Actual PE Digest

33:57:0a:9f:1d:ed:67:c2:e0:29:53:ed:75:83:ab:48:c6:7d:5b:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

56:0a:44:49:5e:63:a6:b5:47:86:70:f1:6f:ed:38:7bCertificate

33:57:0a:9f:1d:ed:67:c2:e0:29:53:ed:75:83:ab:48:c6:7d:5b:c5Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 107KB - Virtual size: 106KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

56:0a:44:49:5e:63:a6:b5:47:86:70:f1:6f:ed:38:7b
Certificate

33:57:0a:9f:1d:ed:67:c2:e0:29:53:ed:75:83:ab:48:c6:7d:5b:c5
Signer

.text
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B