redline | 4675455dc430ad5f3a4cfb34d6cb49e9a421682fefe6eee63b55ca29c720394f

General

Target

4675455dc430ad5f3a4cfb34d6cb49e9a421682fefe6eee63b55ca29c720394f
Size

42KB
MD5

9b15a5dcef6d2b9122a4b79e5034c7bb
SHA1

c0646923123ed13ee52bc1dfc2789d7e3bbcb06f
SHA256

4675455dc430ad5f3a4cfb34d6cb49e9a421682fefe6eee63b55ca29c720394f
SHA512

b9c3064d273be9784506e30b76e56abecf5284b8a073183ad9f9bd6cdf7983fa513ef76c8b0ef218356c3e31a653ba3083cdcf351ded702960057d6bdafe47e2
SSDEEP

768:cFzPQhSnDK4QhZfD00eCWoCmGnsapUq9OlVjNIAEl0t6HcqKpVQec3lWYdZ:cBQvT/e1oCTndKq8ltJjtucqGCec1lZ

Score

10^/10

Family

redline

Botnet

cheat

C2

31.210.43.215:51414

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe

4675455dc430ad5f3a4cfb34d6cb49e9a421682fefe6eee63b55ca29c720394f
.zip

Password: infected
a56ab2abe69823efba8192aad89c0521b3869f091752ce63e7ec399f679b1768.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ