Behavioral task: behavioral1
Sample: a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe
Resource: win7-20231129-en
General
Target: bdd591abdd4acc492a22e106c01afc00.bin
Size: 42KB
MD5: 9b15a5dcef6d2b9122a4b79e5034c7bb
SHA1: c0646923123ed13ee52bc1dfc2789d7e3bbcb06f
SHA256: 4675455dc430ad5f3a4cfb34d6cb49e9a421682fefe6eee63b55ca29c720394f
SHA512: b9c3064d273be9784506e30b76e56abecf5284b8a073183ad9f9bd6cdf7983fa513ef76c8b0ef218356c3e31a653ba3083cdcf351ded702960057d6bdafe47e2
SSDEEP: 768:cFzPQhSnDK4QhZfD00eCWoCmGnsapUq9OlVjNIAEl0t6HcqKpVQec3lWYdZ:cBQvT/e1oCTndKq8ltJjtucqGCec1lZ
Malware Config
Extracted
redline
cheat
31.210.43.215:51414
Signatures
RedLine payload 1 IoCs
resource yara_rule static1/unpack001/a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe family_redline -
Redline family
SectopRAT payload 1 IoCs
resource yara_rule static1/unpack001/a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe family_sectoprat -
Sectoprat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe
Files
bdd591abdd4acc492a22e106c01afc00.bin.zip
Password: infected
a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 964B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ