redline | 477d1984e23fbb9988c2840dc81df1873c397ed324e15300c818c2cf40665c19

General

Target

477d1984e23fbb9988c2840dc81df1873c397ed324e15300c818c2cf40665c19
Size

45KB
MD5

69eb1a0f6b8b3a90d53f5daa424f688c
SHA1

956a0873d33ba3fbf1d56b5fbc7d79787c59f085
SHA256

477d1984e23fbb9988c2840dc81df1873c397ed324e15300c818c2cf40665c19
SHA512

3554d9d05ea16b21ee44572f8aab35b912ad1361f78a48763fd58beddfa6ed8d8bbf4100114f6bc07a9050fd85393cd4e76abf2cba8583be1f1f42d10fa21080
SSDEEP

768:DNZNlIv5wyV6SgxI9OpPSKWhx1jACIy2z1oAJjO4bWeN7nur9o3OLWkhWY8YuZ:NlIhPV+FNEIrz84b/urySrCv

Score

10^/10

Family

redline

Botnet

cheat

C2

discord.sytes.net:1337

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/d01112a8b33f034f269cadd5ed5d2589163025365e6b7f1b6387744ec37d4ce4	family_redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/d01112a8b33f034f269cadd5ed5d2589163025365e6b7f1b6387744ec37d4ce4	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d01112a8b33f034f269cadd5ed5d2589163025365e6b7f1b6387744ec37d4ce4

477d1984e23fbb9988c2840dc81df1873c397ed324e15300c818c2cf40665c19
.zip

Password: infected
d01112a8b33f034f269cadd5ed5d2589163025365e6b7f1b6387744ec37d4ce4
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ