redline | c6d4db7a0836a201b5d545ae91a2b4fe63d1501334d46debac3a7140a59016d9[.]zip

General

Target

c6d4db7a0836a201b5d545ae91a2b4fe63d1501334d46debac3a7140a59016d9.zip
Size

43KB
MD5

bbe08d2ffe4d27abbdb428456fe38464
SHA1

59dba89db423b059e24a21e8849e789c9aaab74e
SHA256

2b69e899ce35dd16892728975ee145df8bd1da5ba0d74a4091fceb34e7e449f8
SHA512

c7dd6f89e17809249b1205990564616c62b970fdd1fba5e5c0c9a9a40ce05d09898809071b3ca9ee2e5ec25b840919735cb1e118ec0925d1bd26f22d6ae958df
SSDEEP

768:MMAip1gFo2riFOhyjZhB/XREsURzZOstIccoT91Q7AIcBdtdA8bnz6KJT9:MMAqmFol8mrB/XVCOiyoT9q7AI6Te8LN

Score

10^/10

Family

redline

Botnet

2122398749

C2

79.137.192.6:8362

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/c6d4db7a0836a201b5d545ae91a2b4fe63d1501334d46debac3a7140a59016d9	family_redline

c6d4db7a0836a201b5d545ae91a2b4fe63d1501334d46debac3a7140a59016d9.zip
.zip

Password: threatbook
c6d4db7a0836a201b5d545ae91a2b4fe63d1501334d46debac3a7140a59016d9
.exe windows x86

Password: threatbook

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ