redline | 24d03a9289b793d018fd67839265258ca38c5398a8e55e0882ca75a9053a7e25

General

Target

24d03a9289b793d018fd67839265258ca38c5398a8e55e0882ca75a9053a7e25
Size

139KB
MD5

13f9662a23420cef71cba907cb4efd17
SHA1

ae44441777f69f307e02a0310ed62b3a76a19b82
SHA256

24d03a9289b793d018fd67839265258ca38c5398a8e55e0882ca75a9053a7e25
SHA512

9c0c943bbc49706970ab4d75702b1afb467dc47f1e716e02c766b4cfed2f49d4d9a54db9526da56a5953ad3b450602102f54ec09eca83f33a596bd08d3f3bf8e
SSDEEP

3072:MyclpP1GAdv34Csbgl1OmU+c0vDkdFxxHNN:i1GAdv34W2j+rrgxHNN

Score

10^/10

Family

redline

Botnet

2.22

C2

95.211.185.27:59230

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/ee30796aa4784093fdfe528e83fb78b9fe72bbd5ea72a0ee7b242081a454da65	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/ee30796aa4784093fdfe528e83fb78b9fe72bbd5ea72a0ee7b242081a454da65	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ee30796aa4784093fdfe528e83fb78b9fe72bbd5ea72a0ee7b242081a454da65

24d03a9289b793d018fd67839265258ca38c5398a8e55e0882ca75a9053a7e25
.zip

Password: infected
ee30796aa4784093fdfe528e83fb78b9fe72bbd5ea72a0ee7b242081a454da65
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ