redline | 3c6144cb9dfddd8fad8dc1bea30d2310

Sharing

Copy URL Twitter E-mail

General

Target

3c6144cb9dfddd8fad8dc1bea30d2310
Size

45KB
MD5

3c6144cb9dfddd8fad8dc1bea30d2310
SHA1

43d592a85b41b967275c966d5d5540c59dac4da3
SHA256

963364f5547beb18399a7af15bde849821ffe005d74bb33aefd3b7d766e442ab
SHA512

026eabf6c3011b94fd9529b0559c82d65c17995c16e1d62b2f84d2e8c2132d35f69b88969017774d2f5b5e88a307b5c30a3bb4119aefa0a4c1b63315a8638ee2
SSDEEP

768:6cZL3WCx5e5udPBaqNpK7qoXqxN2wfJli5YuIUmydf6IzF/muwdXZ0uLIGyf:tLmCkGzNknc2UJc5oUJ7JWJZ0u8GM

Score

10^/10

@brosski redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

@brosski

137.74.76.180:52028

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/CHEAT FORTNITE 2021/CHEAT FORTNITE 2021/SKIN CHANGER 2021.exe	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/CHEAT FORTNITE 2021/CHEAT FORTNITE 2021/SKIN CHANGER 2021.exe	family_sectoprat

Sectoprat family
sectoprat

Files

3c6144cb9dfddd8fad8dc1bea30d2310
.zip
CHEAT FORTNITE 2021/CHEAT FORTNITE 2021/SKIN CHANGER 2021.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:58:50:4e:79:71:86:9d:0a:ec:27:75:ff:fa:03:d5
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/06/2021, 00:00

Not After

14/06/2022, 23:59

Subject

CN=Amcert LLC,O=Amcert LLC,L=Yerevan,C=AM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d1:85:f3:64:18:f7:06:72:cd:47:52:9c:e7:76:25:8a:fb:af:c2:17
Signer

Actual PE Digest

d1:85:f3:64:18:f7:06:72:cd:47:52:9c:e7:76:25:8a:fb:af:c2:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

a7:58:50:4e:79:71:86:9d:0a:ec:27:75:ff:fa:03:d5Certificate

Extended Key Usages

Key Usages

d1:85:f3:64:18:f7:06:72:cd:47:52:9c:e7:76:25:8a:fb:af:c2:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 92KB - Virtual size: 91KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

a7:58:50:4e:79:71:86:9d:0a:ec:27:75:ff:fa:03:d5
Certificate

d1:85:f3:64:18:f7:06:72:cd:47:52:9c:e7:76:25:8a:fb:af:c2:17
Signer

.text
Size: 92KB - Virtual size: 91KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B