redline | 99413087ffe7340e99989d09040ac13512349706ba56709703733da3dc4f2635

General

Target

99413087ffe7340e99989d09040ac13512349706ba56709703733da3dc4f2635
Size

43KB
MD5

99cfb7d9ebfc582b59590db14ee4dec5
SHA1

6c909d22f145e14b1a4341cbbcac94b0c12ed5e6
SHA256

99413087ffe7340e99989d09040ac13512349706ba56709703733da3dc4f2635
SHA512

45a79ec0758cd218e03b2ad0c477736c62777e68cb08bfe1a2dcec3f1df0066288e8622b1eb1460f4ac6549ef3e9e95ffe9be89af1c1c2bef7d0eaac79b8c0f1
SSDEEP

768:BazE47AYWTjFxuim+BYoVHHdc4Q64Zs7Yf6HoanvvjcgMYs971tEwjfP3:CE46j7Bimc4QAcO5nwgcIwTP3

Score

10^/10

Family

redline

Botnet

cheat

C2

ae1.localto.net:8080

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/861ddbde9e32976e5a35a266c8a6eb8de0ded75940d03a99bb7d8ad5126ad972.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/861ddbde9e32976e5a35a266c8a6eb8de0ded75940d03a99bb7d8ad5126ad972.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/861ddbde9e32976e5a35a266c8a6eb8de0ded75940d03a99bb7d8ad5126ad972.exe

99413087ffe7340e99989d09040ac13512349706ba56709703733da3dc4f2635
.zip

Password: infected
861ddbde9e32976e5a35a266c8a6eb8de0ded75940d03a99bb7d8ad5126ad972.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ