redline | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

95KB
MD5

3d3e09551e0dfbac2bf6c08bdb0c2bf9
SHA1

8d9e63b15428542b1100af979a5f617e19814160
SHA256

4aa21c67eaefa9adf021c6921271c2b3676972714092e6bd71f25f0978884e24
SHA512

d063a86cc343047a7c15e09bf9cff202b97e70ac30da50245cd9066627d553d121af2675f63229da0ba47cc31568a69eefee0f7b08494c51de2ebf9c660c1c2e
SSDEEP

1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2+ytmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzd7d8

Score

10^/10

money redline

Malware Config

Extracted

Family

redline

Botnet

money

C2

146.70.124.112:15773

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ