redline | 299396d55d67d5be76943a5d5f4ce403[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

299396d55d67d5be76943a5d5f4ce403.exe
Size

107KB
MD5

299396d55d67d5be76943a5d5f4ce403
SHA1

ad492f30fb17308f3a26a3566a6bd3d8265e9230
SHA256

dce4cb3aa96c4a503f7a8bebe0dfe313b656edc55e26101c16d6bae61d6a1241
SHA512

c2319c64b486be119264e74aec7dba8ed32db406f662599ad15697eb7f7542b7de4077c5cfba0340cc47a43a8f35a893823d82722a6cf7fc6536c80d7b5136ef
SSDEEP

3072:ncvFBICYSpiMIDnSPzVxpHE043JrGQchrjTdha4EASNh:ncvW1yVxpHA9cFdha4jS

Score

10^/10

seaver redline

Malware Config

Extracted

Family

redline

Botnet

SEAVER

C2

80.66.87.8:2599

Attributes

auth_value
137bdf9feb1c9bd13ac5b21e69e36343

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

299396d55d67d5be76943a5d5f4ce403.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ