redline | f5390691bcb2159fe21241dbe4df39d221744233615ea97599790a9badeef778

General

Target

f5390691bcb2159fe21241dbe4df39d221744233615ea97599790a9badeef778
Size

43KB
MD5

9c14e17929e32070a91379921ee8068a
SHA1

9d53bfe5b85dd429069a95877d359271396ffa9f
SHA256

f5390691bcb2159fe21241dbe4df39d221744233615ea97599790a9badeef778
SHA512

c03a36bd2ad33f3b02726916277002a2f99c625850491bd4e89b8c36ab392ff19e68de15dfd2ae885a1b20d22f757ffcd0d914da1d3639be2c2777cdb78b1000
SSDEEP

768:CqUzOteZoel7g75F1bQrZfWC8p3m98+lhKZsbD2m3N7cMkTJVy:CzzOy7g7zGr8VK8+lhKZsbD221cMUJVy

Score

10^/10

Family

redline

Botnet

cheat

C2

127.0.0.1:1337

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/b0ea212fbe7c4059d1b25a5afcb1b00040e8b501c8f3af73d930ea0daf41fe10	family_redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/b0ea212fbe7c4059d1b25a5afcb1b00040e8b501c8f3af73d930ea0daf41fe10	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b0ea212fbe7c4059d1b25a5afcb1b00040e8b501c8f3af73d930ea0daf41fe10

f5390691bcb2159fe21241dbe4df39d221744233615ea97599790a9badeef778
.zip

Password: infected
b0ea212fbe7c4059d1b25a5afcb1b00040e8b501c8f3af73d930ea0daf41fe10
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ