redline | 187884897d0e6f21ef43e86597c33019fab04d0a06b60a386767f83912693340

Sharing

Copy URL Twitter E-mail

General

Target

187884897d0e6f21ef43e86597c33019fab04d0a06b60a386767f83912693340
Size

114KB
MD5

32240517174f68b6fa99fb6a943fd978
SHA1

3abaf0c5f72e938ec6597e5d038bf48382eba161
SHA256

187884897d0e6f21ef43e86597c33019fab04d0a06b60a386767f83912693340
SHA512

8b905d07b35cc2c428cd415183fd30a098fc14009e4b3ab47c1000a2679f09c2c25556c0c152debfd6e1a591d0a005e302b7471c10415efac36d6c0f06168fcb
SSDEEP

3072:/CrdQX/OHkUDWZYQfcHj8Wvl4AUhQLj0k:udq83Uhaj

Score

10^/10

@meei_zuko/29.04.22 redline

Malware Config

Extracted

Family

redline

Botnet

@Meei_Zuko/29.04.22

89.107.10.129:33851

Attributes

auth_value
84a9c223957e7362eb3e402082b102b2

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

187884897d0e6f21ef43e86597c33019fab04d0a06b60a386767f83912693340
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:66:ad:fa:17:63:89:d9:b4:30:1a:c8:7e:fd:6a:96
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/04/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Nvidia Corporation,OU=IT-MIS,O=Nvidia Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:da:ab:71:dc:08:7f:84:9c:6c:f9:0f:eb:5b:33:52:77:9c:5d:6b:b4:86:d3:a1:58:8d:05:10:32:fb:e5:97
Signer

Actual PE Digest

69:da:ab:71:dc:08:7f:84:9c:6c:f9:0f:eb:5b:33:52:77:9c:5d:6b:b4:86:d3:a1:58:8d:05:10:32:fb:e5:97

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nvidia Corporation,OU=IT-MIS,O=Nvidia Corporation,L=Santa Clara,ST=California,C=US

09/12/2021, 10:18
Valid: true

Chain 1

CN=Nvidia Corporation,OU=IT-MIS,O=Nvidia Corporation,L=Santa Clara,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:66:ad:fa:17:63:89:d9:b4:30:1a:c8:7e:fd:6a:96Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

69:da:ab:71:dc:08:7f:84:9c:6c:f9:0f:eb:5b:33:52:77:9c:5d:6b:b4:86:d3:a1:58:8d:05:10:32:fb:e5:97Signer

Signature Validations

Verification

09/12/2021, 10:18 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 103KB - Virtual size: 103KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:66:ad:fa:17:63:89:d9:b4:30:1a:c8:7e:fd:6a:96
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

69:da:ab:71:dc:08:7f:84:9c:6c:f9:0f:eb:5b:33:52:77:9c:5d:6b:b4:86:d3:a1:58:8d:05:10:32:fb:e5:97
Signer

09/12/2021, 10:18
Valid: true

.text
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B