redline | 74e340f97857321dd1bedbce444093c4fdc6216c0c078b3567302c366c28c4f2

General

Target

74e340f97857321dd1bedbce444093c4fdc6216c0c078b3567302c366c28c4f2
Size

43KB
MD5

016b446b003a16c1874cdf8f99febeaa
SHA1

d8aa249a29464148d3fd62904c6593299bfa788b
SHA256

74e340f97857321dd1bedbce444093c4fdc6216c0c078b3567302c366c28c4f2
SHA512

a4d4d88287410362efc2d07f888ca39a115452ec4b943e26fa2a03dbc53a418333089cf6b325e60ebc1bf150848063a747f5550f5cf58dd7b7590824361c7cec
SSDEEP

768:FgW35cqNWUsoermX+02O8JXXJ8yQW4fbCO0nY90cVIqNfFktZ+NYbtUNku:d3vqg2O8JHJ8yQWKCOdCSLkWabWv

Score

10^/10

Family

redline

Botnet

Hackus

C2

0.tcp.ngrok.io:18233

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/06979f859be403c6e94b16452365fbeccbc0f85b7c6e40ba41c3460856027db2.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/06979f859be403c6e94b16452365fbeccbc0f85b7c6e40ba41c3460856027db2.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/06979f859be403c6e94b16452365fbeccbc0f85b7c6e40ba41c3460856027db2.exe

74e340f97857321dd1bedbce444093c4fdc6216c0c078b3567302c366c28c4f2
.zip

Password: infected
06979f859be403c6e94b16452365fbeccbc0f85b7c6e40ba41c3460856027db2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ