redline | 9c403be040ad88478922e47dbf7630e2b32ad3af9bd34acca331a8ebc280ae4b

General

Target

9c403be040ad88478922e47dbf7630e2b32ad3af9bd34acca331a8ebc280ae4b
Size

43KB
MD5

4dc46354f5a3dd4ae6d7c09a7c7bd095
SHA1

7ff2807e6bf9d99460d339bb5265387cbfebfb79
SHA256

9c403be040ad88478922e47dbf7630e2b32ad3af9bd34acca331a8ebc280ae4b
SHA512

f2ca8423701e77b1085460221a805de48bc275d16dc50761f3300933528fabd58f131a1bca21ff560ba65823a2d6130563044fe3f0874f0d51ee57426490a9b1
SSDEEP

768:FSYu+f+aWGuS0FrCsZyEh5fnub3Vbwj2U5zc5IEWvg6iCqZU1eQ20jB/JFzn21sn:FS3+f+aWpSmrC5PDyjNc5IETEjxJBn2w

Score

10^/10

Family

redline

Botnet

cheat

C2

15.229.47.242:10010

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3	family_redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3

9c403be040ad88478922e47dbf7630e2b32ad3af9bd34acca331a8ebc280ae4b
.zip

Password: infected
925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ