General

  • Target

    4622038cc281fbc35d0cfce6c5a595e3.bin

  • Size

    43KB

  • MD5

    63561b89f54e86b28f3aaf785cdb744b

  • SHA1

    21f02a4cf17859463051384fd4183a778cefb7f6

  • SHA256

    ec851b0e580334014882ec97f7d2a44ee82d3c5f3c2e5bd86971d474dd0442a1

  • SHA512

    ef7ed0f31e05537adee3ad1c7e3e4c0f1e8a6295e322c986e008f4f4042ef41467254c490adcd3bc2502ae35e093eb1cfd28879d2b1c8b7a73f8893d4cc2a66d

  • SSDEEP

    768:jvwPbMDBUW1lpyATBTmzmzot1GGtgxOXUiebS7Nh38qPqNFOxX+erMQxgSSyeY25:jYPbMFUWxTB6U8GGDkDW7Nh3vPWYxX+F

Malware Config

Extracted

  • Family

    redline

  • Botnet

    blackhatrussia.com clean

  • C2

    51.89.201.41:29254

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4622038cc281fbc35d0cfce6c5a595e3.bin
    .zip

    Password: infected

  • e4d67649c7704c50925bcd3fe6ac345cba54d118407f28f6550b398671b0284e.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744