redline | 4782cfc3ded91b14fddc012c8f7e6752f830c097874456ad3e9aedd50294be27

General

Target

4782cfc3ded91b14fddc012c8f7e6752f830c097874456ad3e9aedd50294be27
Size

43KB
MD5

1bdfa77bfc7d5b69ff98849b1eb33ef3
SHA1

48e53a793ad29f90ebd033c9268ba4c0c2261e2b
SHA256

4782cfc3ded91b14fddc012c8f7e6752f830c097874456ad3e9aedd50294be27
SHA512

2b070e62041d1f494f3922300382e88a45559ee333268d029da71b79949bcab8b7e0ddcff91ffee96209f05d1d500da503df1f8e6968336594151c320f9c8863
SSDEEP

768:9O74khJb1ft/c6GGBjDKsdUb3m/1ul0zhpY4HG7aNzfEuxHgCfvx7Tn2:MLb1ftULiBUb3E1S0NpRTNxdn2

Score

10^/10

Family

redline

Botnet

cheat

C2

45.141.215.79:1639

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/08f089589dda0d849bf735d27c71152bc47f7c71e676a0ee8bc502b422f454c1	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/08f089589dda0d849bf735d27c71152bc47f7c71e676a0ee8bc502b422f454c1	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/08f089589dda0d849bf735d27c71152bc47f7c71e676a0ee8bc502b422f454c1

4782cfc3ded91b14fddc012c8f7e6752f830c097874456ad3e9aedd50294be27
.zip

Password: infected
08f089589dda0d849bf735d27c71152bc47f7c71e676a0ee8bc502b422f454c1
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ