redline | Implosions[.]exe | Triage

Sharing

General

Target

Implosions.exe
Size

95KB
MD5

2afcf6cd8dc311e0204eb49719c29f8f
SHA1

c68b99f2fa156cbb7ea565ea729085046402abc5
SHA256

d34be5ffbf85b3c0f88c192b7fb61d4b5ec3f8fb826d77673b6de26cdbdd4187
SHA512

a51c9774f49136b6cf6f2fefc5a8bdd6a0ce7fef74fbd827e3374e510250b386daf08a98634c5728a8765d8e9a8470df8235791855e6066a34032d28a7aafa05
SSDEEP

1536:xqsIjlqzWlbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2/teulgS6pk:f0UeYr+zi0ZbYe1g0ujyzdTk

Score

10^/10

lim redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

LIM

C2

195.3.223.120:25539

Signatures

RedLine payload 1 IoCs

Processes:

resource yara_rule

sample family_redline
Redline family
redline
SectopRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_sectoprat
Sectoprat family
sectoprat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Implosions.exe

Files

Implosions.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ