redline | f3d8ab0e8899b55ea54d1a998fe7ac50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3d8ab0e8899b55ea54d1a998fe7ac50.exe
Size

218KB
MD5

f3d8ab0e8899b55ea54d1a998fe7ac50
SHA1

130e6b891dda1de2f358dc16b91d90ac4c615880
SHA256

9e3d27da52d3fa4b06535dc74576933d3551508f24c78222dcfc48837d487b51
SHA512

5e234f381a427a436f1201047adfdfab423048168d3daf181b811037fee371e14d3bc71df84af8af17a52186eb606b8d827eaa4f3189f981d6df81f0464b66a7
SSDEEP

6144:MYMZMBXfJgOKd0/pqnVmBuhv43X3Y8w7KX:MYGMqglBup4XRw7K

Score

10^/10

https://t.me/gold_cloud_logs redline

Malware Config

Extracted

Family

redline

Botnet

https://t.me/gold_cloud_logs

C2

45.15.156.3:8296

Attributes

auth_value
6f5c659f15f9b77853fe26606ccc57b3

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

f3d8ab0e8899b55ea54d1a998fe7ac50.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ