General
-
Target
1a328c71452450974247cf6126bbde1b1ab459bb1c6f56cc6f4c5626b8c9d386.exe
-
Size
95KB
-
MD5
7875166307500da488a1618d9790e14c
-
SHA1
94219d3929064c36a1a60dd0a0b82c67f1038f4a
-
SHA256
1a328c71452450974247cf6126bbde1b1ab459bb1c6f56cc6f4c5626b8c9d386
-
SHA512
2ffacea5b936fe99d17c46c3a24450a1b95d0cb84c355a7deec6080b8f4fb6ec442280ea953621a20bac379d0b7f11e9ff18a489a0eee0cb1bb3366ea3ba9d4f
-
SSDEEP
1536:NqsIoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed21tmulgS6pIl:7Z1FYH+zi0ZbYe1g0ujyzd9I
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
X3.0 Foundry
C2
79.110.49.209:37552
Signatures
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
-
RedLine payload 1 IoCs
-
Redline family
-
SectopRAT payload 1 IoCs
-
Sectoprat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1a328c71452450974247cf6126bbde1b1ab459bb1c6f56cc6f4c5626b8c9d386.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections