redline | A12AA0D7C2297D87F1E41B7893FEE3D7176A3EB170CD2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

A12AA0D7C2297D87F1E41B7893FEE3D7176A3EB170CD2.exe
Size

107KB
MD5

860c7e600bd42ca4a371b9f02803ac37
SHA1

2c56f803f8dc72c384359f79aacd53851e300010
SHA256

a12aa0d7c2297d87f1e41b7893fee3d7176a3eb170cd2af54e98e9b560d50671
SHA512

8848a6c2449fee3f2cf7ec96769d7320e6b17a1ca4f5e163e4b65e013df1642a059eb09e8a93460ed445acee42bf18e813a2c5e452d5205e76e75c14216989a7
SSDEEP

3072:JcvFBgCYJpiSI8AURIskQdZ1QcLmsDEhv4EASNC:JcvOilskQPecVEhv4jS

Score

10^/10

111 redline

Malware Config

Extracted

Family

redline

Botnet

111

C2

89.22.227.140:41477

Attributes

auth_value
dc40c2bb84ec34709d5583917e95e9c3

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

A12AA0D7C2297D87F1E41B7893FEE3D7176A3EB170CD2.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ