redline | aca66e14ad1a72b7a5784d55f6a277f709a016517cc14b388153526af453c753

General

Target

aca66e14ad1a72b7a5784d55f6a277f709a016517cc14b388153526af453c753
Size

43KB
MD5

54d7ff2b380b7e42cfef4edcee3ea444
SHA1

01eb65d7f68d6c49535089bd55dd046fe1ee4e70
SHA256

aca66e14ad1a72b7a5784d55f6a277f709a016517cc14b388153526af453c753
SHA512

75ed5cef10bbcda591f9c5304699f94808a8461c6ea5a32b31795b798009247c77c5ecba40947ee1a5a45feeee954227bf396f002e3820b7ff8c900fd19e30da
SSDEEP

768:R/vmuLhQizFfe269n0s2i7UvqoMCan3AUSI6HNhHexxWGo/LniyQSkqLR07Y:R/uCeizFmF90s23v7KQUitdex96DQ60E

Score

10^/10

Family

redline

Botnet

skullb3astlog

C2

5.180.155.87:64765

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/c5a97c768e7ba609346fe283ab8be115e1279edd50e672a89eaa9c1693cf4df6.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/c5a97c768e7ba609346fe283ab8be115e1279edd50e672a89eaa9c1693cf4df6.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c5a97c768e7ba609346fe283ab8be115e1279edd50e672a89eaa9c1693cf4df6.exe

aca66e14ad1a72b7a5784d55f6a277f709a016517cc14b388153526af453c753
.zip

Password: infected
c5a97c768e7ba609346fe283ab8be115e1279edd50e672a89eaa9c1693cf4df6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ