General

  • Target

    ad475abae33ea4782ee51c912038e06710ad570c06032ae60d9a9b0ca9730386

  • Size

    43KB

  • MD5

    304c0de5b583817bb0610e7200bfa328

  • SHA1

    511d833201654fe857907b0e9d874e55125af3f4

  • SHA256

    ad475abae33ea4782ee51c912038e06710ad570c06032ae60d9a9b0ca9730386

  • SHA512

    9899e1a6bec9172319545d2637cb54771bd8f3162e60bd4b45a71ad64ed6a67088f8ff983ae54ea2828fde33023635f2f53f5229d4f75e92d35d8f0b76ca7a1b

  • SSDEEP

    768:xajjmQieT0TYFBrNd/OTFiN2pWOLreHniU6eOsB0mLwlxByVHtYM02teAFrZHx4:xcj1ieEwbOgNfOLrcniHeOgQBsHGgtDY

Malware Config

Extracted

Family

redline

Botnet

h4n0m4n

C2

207.32.219.79:40826

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ad475abae33ea4782ee51c912038e06710ad570c06032ae60d9a9b0ca9730386
    .zip

    Password: infected

  • 6f2dbdabc774d30faa0ae37b727451912b504326b791a1737c7e4a8c41de85ad.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
