redline | 0x0007000000021e83-163[.]dat

Sharing

Copy URL

Twitter E-mail

General

Target

0x0007000000021e83-163.dat
Size

107KB
MD5

00e43a3bfd4f821d13329209ab4875e7
SHA1

3a6648e1f23684d2ffe2e5af683761c184537a1e
SHA256

354a014aac7be2159294631afdc5a0683edd91ec8b7c9b34d3548b2227a047f2
SHA512

2c018312976ce2d0b5e5cf12b5e5daa3773507042fceab0ab4a88f38db53cc3a99063cc6455412cd93b308a2fcdd6b777f0c56c8b1b1686bab942464867a4c62

Score

10^/10

da da redline

Malware Config

Extracted

Family

redline

Botnet

da da

86.107.197.196:63065

Attributes

auth_value
9b1654b30797c210c85bd0890936a5b9

Signatures

RedLine Payload 1 IoCs

Processes:

resource yara_rule

sample family_redline
Redline family
redline

resource	yara_rule
sample	family_redline

Files

0x0007000000021e83-163.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:f2:7f:c5:1e:e8:0b:30:43:09:47:c9:96:7d:b4:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30-11-2021 00:00

Not After

30-11-2022 23:59

Subject

CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:9b:bc:cd:77:ef:9b:39:fe:ce:2f:59:80:40:da:44:d2:3f:5d:ae
Signer

Actual PE Digest

2d:9b:bc:cd:77:ef:9b:39:fe:ce:2f:59:80:40:da:44:d2:3f:5d:ae

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM

15-03-2022 14:42
Valid: true

Chain 1

CN=AMCERT\,LLC,O=AMCERT\,LLC,ST=Erevan,C=AM

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

5e:f2:7f:c5:1e:e8:0b:30:43:09:47:c9:96:7d:b4:40Certificate

Extended Key Usages

Key Usages

2d:9b:bc:cd:77:ef:9b:39:fe:ce:2f:59:80:40:da:44:d2:3f:5d:aeSigner

Signature Validations

Verification

15-03-2022 14:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 99KB - Virtual size: 99KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

5e:f2:7f:c5:1e:e8:0b:30:43:09:47:c9:96:7d:b4:40
Certificate

2d:9b:bc:cd:77:ef:9b:39:fe:ce:2f:59:80:40:da:44:d2:3f:5d:ae
Signer

15-03-2022 14:42
Valid: true

.text
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B