redline | 869db8c8b5bdb689dda0651b249196e00de2dc60ab37f03d5aaa5c849e8e82ed

Sharing

Copy URL

Twitter E-mail

General

Target

869db8c8b5bdb689dda0651b249196e00de2dc60ab37f03d5aaa5c849e8e82ed
Size

104KB
MD5

1691df5f03d8c1fbba51b87552e0e0a8
SHA1

c855e3b5739dce7c0dd6187dae923a95bce43f62
SHA256

869db8c8b5bdb689dda0651b249196e00de2dc60ab37f03d5aaa5c849e8e82ed
SHA512

2d5382e8d2b4e413c8902f12dc06a30ad444346162fe37843ee735f4cbdcbe67403a12ad6923d13f3ebbef1195be9f46e2b902dc5116834a8df7555858593ae7
SSDEEP

3072:EZUKsgbLjlp5qEm7zqWgVWOMk7lQ/PVUIJv0w1:XAbLjlp5qEm7zmkO7sS+

Score

10^/10

v1 redline

Malware Config

Extracted

Family

redline

Botnet

103.164.36.110:12006

Attributes

auth_value
4888f354e51d56f9136d4bf3b814b284

Signatures

RedLine Payload 1 IoCs

Processes:

resource yara_rule

sample family_redline
Redline family
redline

resource	yara_rule
sample	family_redline

Files

869db8c8b5bdb689dda0651b249196e00de2dc60ab37f03d5aaa5c849e8e82ed
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

26:4e:67:6a:c7:02:9a:b9:4f:ab:92:c7:c3:3e:04:5b
Certificate

Issuer

CN=Dendrites,O=Wade Milling Inc.,C=1U,1.2.840.113549.1.9.1=#0c1a6f6f676f6e69616c636174656e61727940676d61696c2e636f6d

Not Before

19-10-2021 21:00

Not After

26-10-2031 21:00

Subject

CN=Dendrites,O=Wade Milling Inc.,C=1U,1.2.840.113549.1.9.1=#0c1a6f6f676f6e69616c636174656e61727940676d61696c2e636f6d

a6:f9:cc:89:dc:fd:2a:6b:04:1e:e8:dc:34:5a:f7:e2:b4:fd:cb:45
Signer

Actual PE Digest

a6:f9:cc:89:dc:fd:2a:6b:04:1e:e8:dc:34:5a:f7:e2:b4:fd:cb:45

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Dendrites,O=Wade Milling Inc.,C=1U,1.2.840.113549.1.9.1=#0c1a6f6f676f6e69616c636174656e61727940676d61696c2e636f6d

14-02-2022 17:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

26:4e:67:6a:c7:02:9a:b9:4f:ab:92:c7:c3:3e:04:5bCertificate

a6:f9:cc:89:dc:fd:2a:6b:04:1e:e8:dc:34:5a:f7:e2:b4:fd:cb:45Signer

Signature Validations

Verification

14-02-2022 17:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 98KB - Virtual size: 97KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 12B

26:4e:67:6a:c7:02:9a:b9:4f:ab:92:c7:c3:3e:04:5b
Certificate

a6:f9:cc:89:dc:fd:2a:6b:04:1e:e8:dc:34:5a:f7:e2:b4:fd:cb:45
Signer

14-02-2022 17:38
Valid: false

.text
Size: 98KB - Virtual size: 97KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B