redline | 0bc911cec4e5f2b62ad7af79debf202d[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bc911cec4e5f2b62ad7af79debf202d.exe
Size

104KB
MD5

0bc911cec4e5f2b62ad7af79debf202d
SHA1

8e9e5af633c4ea40abd6e9b10717d3bc5948f68a
SHA256

1b5592d528648675263d9ff8cb58685fc3355a2240d3a32f25bc1974be3227b9
SHA512

be311bfcc90d8d79fbfa58aa6cf60f99d75a135c29fcaef01190689557b858a60ec5a78613365941f9ae00d6e897da2194f9b7418eddfeb39169a51fd8bede82
SSDEEP

1536:fv+zC1sA0XDtbY6coHnogJj0V8J1r4Wb6A7RZm3xCBebRXBbuMZ1hCmI0wuei6qC:aC1sA0XhU6cIXT6ANZmBCs15fEmIhAC

Score

10^/10

5333098525_99 redline

Malware Config

Extracted

Family

redline

Botnet

5333098525_99

C2

buybenow.top:37397

Attributes

auth_value
5aafbdb68e240118cf35bdf66e0728ed

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

0bc911cec4e5f2b62ad7af79debf202d.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ