redline | 5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520

General

Target

5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520
Size

43KB
MD5

89d11cbbe2c3068e757b06a893c14d86
SHA1

196e5b58a74b1993134a8a56c8a654516aab043a
SHA256

5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520
SHA512

b84b18485d1bb6dbbc56e3c2044ff42dfdc13046cc40770e2370c46879e5716d1e80d4c04bb7a2b47b230d096d44cac61c7f3db55f50733861a2be2ed758b486
SSDEEP

768:vQ1kP0/FT6cByEYa129SzH00zUe8BUjEx6/icO2rKDP8OyL5ANu5AEKO55o43xd6:veF2cBydrSrwTDIXiNu7555xdnbvC/

Score

10^/10

Family

redline

Botnet

XenLogs

C2

45.77.240.40:25887

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe

5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520
.zip

Password: infected
1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ