General

  • Target

    df387cd512dc13db14be199cee7f7bad

  • Size

    100KB

  • MD5

    df387cd512dc13db14be199cee7f7bad

  • SHA1

    59c342bb98f5a430fd6c83201333899833a00705

  • SHA256

    9c65d0b0200bdced813685a0b4cfdc448c7facba3a6c3cf9efc99a0ecc99bad9

  • SHA512

    46612a09cb5b85a59c799746443e50c9863bc2254b44ce0cae3f9139873a3280e064fa9395c0f9db652edd6e8bf0551134e45bfc756ad3dd4a90ddac60f97b08

  • SSDEEP

    1536:Vm386AEAORlBR8AcFadKPw9iy64SeQzW7vGgbue7vxuvVyAsdvoi1xQeTEeG6WA6:Vi86AdGdWnPySeQzWLn3xu9ydddsvc6

Malware Config

Extracted

Family

redline

Botnet

@puff_roll

C2

3.121.85.109:62340

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • SectopRAT payload (1 IoC)
  • SectopRAT family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
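The "Unsigned PE" signature only asks whether the image carries an Authenticode blob at all. The script below, an added example and not the sandbox's own detection code, does the same check from first principles: it walks the DOS header to the PE header, reads the optional header's data directory array and reports the Certificate Table entry (index 4, which, unlike the other directories, holds a raw file offset rather than an RVA). It also computes the MD5/SHA1/SHA256 that identify a sample in the General section above. The two PE images it runs on are constructed inline (headers only, no sections) and the "certificate" in the second one is a placeholder WIN_CERTIFICATE header, not a real PKCS#7 signature. Treating a directory that points past the end of the file as unsigned is this example's own choice.

```python
"""Report whether a PE image has an Authenticode certificate table and
hash it the way a sandbox report's General section does.
Added example; not the sandbox's own implementation."""
import hashlib
import struct

# Index of the Certificate Table (Authenticode) entry in the optional
# header's data directory array, per the PE/COFF specification.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the raw file, as listed under General."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def security_directory(data: bytes) -> tuple:
    """Return (file_offset, size) of the Attribute Certificate Table.

    (0, 0) means the image carries no Authenticode blob. Raises
    ValueError for data that is not a DOS/PE image.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]
    entry_end = dirs_off + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1)
    # A short directory array (small NumberOfRvaAndSizes or a truncated
    # optional header) means there is no certificate entry at all.
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or size_of_optional < entry_end:
        return (0, 0)
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    offset, size = struct.unpack_from("<II", data, entry)
    return (offset, size)


def is_unsigned(data: bytes) -> bool:
    """True when the certificate table is absent or points outside the file.

    The dangling-directory rule is an assumption of this example; it does
    not validate the PKCS#7 blob or its certificate chain.
    """
    offset, size = security_directory(data)
    if offset == 0 or size == 0:
        return True
    return offset + size > len(data)


def build_pe32(cert_offset: int = 0, cert_size: int = 0, cert_blob: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers only, zero sections) for testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew -> PE signature
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                 # PE32 with 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_offset, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert_blob


HEADER_LEN = 64 + 4 + 20 + 224                           # 312 bytes of headers
UNSIGNED_PE = build_pe32()
# Placeholder WIN_CERTIFICATE (dwLength, wRevision=0x0200, wCertificateType=
# PKCS_SIGNED_DATA) plus 8 dummy bytes: only the layout, not a real signature.
FAKE_CERT = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
SIGNED_LAYOUT_PE = build_pe32(HEADER_LEN, len(FAKE_CERT), FAKE_CERT)

if __name__ == "__main__":
    for name, img in (("unsigned", UNSIGNED_PE), ("signed-layout", SIGNED_LAYOUT_PE)):
        verdict = "Unsigned PE" if is_unsigned(img) else "certificate table present"
        print(name, security_directory(img), verdict, file_hashes(img)["sha256"])
```

Pass a real sample's bytes to `is_unsigned()` to reproduce the signature's verdict. A non-empty certificate table is not proof of a valid signature: the blob can be truncated, self-signed, or stripped of its chain, so confirm with a tool that actually verifies the PKCS#7 data (for example `Get-AuthenticodeSignature` on Windows or `osslsigncode verify` elsewhere) before trusting a "signed" result.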

Files

  • df387cd512dc13db14be199cee7f7bad
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
