redline | 79ce0a718e7fe1c2d2709997cdc92e20bb0204c8f3cef7d075a3f0b0715db9a5

General

Target

79ce0a718e7fe1c2d2709997cdc92e20bb0204c8f3cef7d075a3f0b0715db9a5
Size

43KB
MD5

7e74caf51b2a4f6ac7cff4b3f585e6f2
SHA1

4b513be187a8fba7cb8ca6c4fcd0a88fa100603e
SHA256

79ce0a718e7fe1c2d2709997cdc92e20bb0204c8f3cef7d075a3f0b0715db9a5
SHA512

5971331236547c4f151e99317bc7de1fdb3025af3cd795b188b0653e604d167b7bc7b08dd3f1b620b490b9cc06564afde0c8ae59154ced7ff4894f468f578738
SSDEEP

768:yQWmK/GRvPgJa3fhsAEmLFeXxaO9xbSHQHCn8Iu5zIg7pP0fgE13oNhAGVU:kmKOxr3xYxaO9xewHC8hhIg7pP0fpES

Score

10^/10

Family

redline

Botnet

clean

C2

109.107.179.248:80

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/7313c7883a4550db59cd59fac2172c3c258273a3efbd9dafeb70f21fdb6f3ffc.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/7313c7883a4550db59cd59fac2172c3c258273a3efbd9dafeb70f21fdb6f3ffc.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7313c7883a4550db59cd59fac2172c3c258273a3efbd9dafeb70f21fdb6f3ffc.exe

79ce0a718e7fe1c2d2709997cdc92e20bb0204c8f3cef7d075a3f0b0715db9a5
.zip

Password: infected
7313c7883a4550db59cd59fac2172c3c258273a3efbd9dafeb70f21fdb6f3ffc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ