redline | 32acb5dbeefb865f0bf047e6b192cbf4f37f06203aa5de4a7d37dc714129d012

General

Target

32acb5dbeefb865f0bf047e6b192cbf4f37f06203aa5de4a7d37dc714129d012
Size

43KB
MD5

a0ee61d12e101dda898f4f326279095f
SHA1

f3f9a97e001e69113c8f8ce7015265e7e469830c
SHA256

32acb5dbeefb865f0bf047e6b192cbf4f37f06203aa5de4a7d37dc714129d012
SHA512

bfa0fb51db730b152f1a69bd05f04a97da89b3818ea2689a292788fcc66fb3a492a79aa6f5f65fe0af00a7b5ad19f281b340318bc41cf36383a28a7757aca400
SSDEEP

768:6z3JsF6beylIHHYkEhrvO1/CQG7mKbdPg8JmZ5m/mwjYaQQBlFOtqI54NM8Fl0xw:6z5s6btkHjEhy9GVY84ZwOYYarBDgqYy

Score

10^/10

Family

redline

Botnet

HİLE_AKTİF

C2

185.176.93.30:8417

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/b866a07c5d23b3238de1750b26ea17eb016993864ceb9c93c9283a2d58dfdcab.exe	family_redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/b866a07c5d23b3238de1750b26ea17eb016993864ceb9c93c9283a2d58dfdcab.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b866a07c5d23b3238de1750b26ea17eb016993864ceb9c93c9283a2d58dfdcab.exe

32acb5dbeefb865f0bf047e6b192cbf4f37f06203aa5de4a7d37dc714129d012
.zip

Password: infected
b866a07c5d23b3238de1750b26ea17eb016993864ceb9c93c9283a2d58dfdcab.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ