General

  • Target: 5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe
  • Size: 95KB
  • MD5: 7a8ecbc488543dd3ce6cfe5ba9d5cd8b
  • SHA1: 87031bf7d870ffb4a6bec6e44a38045834017b50
  • SHA256: 5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e
  • SHA512: e6f9080c58f1f10fdcedb23e4efd525ad4a40573c0f69f65d8ec3f6e5de45544bd8b5b96ad6603e1b291eb6697b3ed03cd4265d9249ffe90fcc22ef977f95eef
  • SSDEEP: 1536:Fqsgaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2/3teulgS6pQl:DfZeYP+zi0ZbYe1g0ujyzdjQ

Score: 10/10

Malware Config (Extracted)

  • Family: redline
  • Botnet: cheat
  • C2: 0.tcp.eu.ngrok.io:18950

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5ecf0dade29bc4365035554275d07a72b112d0b6bc7487cef6a1c40ed50ea28e.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
