redline | d07821f6b17cd89b9a359f3f6a0776ccec5b2d14078b3f2536c111942584d165N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d07821f6b17cd89b9a359f3f6a0776ccec5b2d14078b3f2536c111942584d165N.exe
Size

113KB
MD5

c03fabc13d7e451aa7789a9e809ee360
SHA1

15c0e7bb586c799eaa5ad185958ab36073da0c2d
SHA256

d07821f6b17cd89b9a359f3f6a0776ccec5b2d14078b3f2536c111942584d165
SHA512

ea8dc64723d98e373279f7c766b5965233e5a4ff9ca4b407d616f73ec4eb8ff79354fe94b3898192673354a914ee2110647c4e8bb355cf05a7e4a2452ab31ce2
SSDEEP

1536:+Vjdb2mf9eCUJkwS9Xyz5SJkyhbMuL69gFvyTFdeFYPrzGEiZ/r:+lddFeC/9Xy1yJS9g1ypOuHBk/r

Score

10^/10

roblox_hack_by_rubikon24 redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

ROBLOX_HACK_BY_RUBIKON24

185.215.113.71:16254

Attributes

auth_value
38b425e6d36d640ba20ef1488613e806

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Files

d07821f6b17cd89b9a359f3f6a0776ccec5b2d14078b3f2536c111942584d165N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

32:2b:8c:d3:3f:38:bb:ad:40:8e:01:7d:36:49:24:f9
Certificate

Issuer

CN=Talcose,O=Patricides Waivodes Inc.,C=4C,1.2.840.113549.1.9.1=#0c1a64657061727465646176656e6765727340676d61696c2e636f6d

Not Before

12-10-2021 21:00

Not After

19-10-2031 21:00

Subject

CN=Talcose,O=Patricides Waivodes Inc.,C=4C,1.2.840.113549.1.9.1=#0c1a64657061727465646176656e6765727340676d61696c2e636f6d

e9:2d:1b:ac:0f:83:71:55:10:6f:ff:3c:d4:e5:ab:36:9d:72:96:81
Signer

Actual PE Digest

e9:2d:1b:ac:0f:83:71:55:10:6f:ff:3c:d4:e5:ab:36:9d:72:96:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

32:2b:8c:d3:3f:38:bb:ad:40:8e:01:7d:36:49:24:f9Certificate

e9:2d:1b:ac:0f:83:71:55:10:6f:ff:3c:d4:e5:ab:36:9d:72:96:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 107KB - Virtual size: 106KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

32:2b:8c:d3:3f:38:bb:ad:40:8e:01:7d:36:49:24:f9
Certificate

e9:2d:1b:ac:0f:83:71:55:10:6f:ff:3c:d4:e5:ab:36:9d:72:96:81
Signer

.text
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B