redline | 99c3c0ed23b9fe641a165bbcb960ff837792ddfbcfdb9556f1a9cdd483c4f083 | Triage

Sharing

General

Target

99c3c0ed23b9fe641a165bbcb960ff837792ddfbcfdb9556f1a9cdd483c4f083
Size

107KB
MD5

6a57085029e274f9582b157e912f6185
SHA1

2f03284fa31ec8f46b9a49e59ff01971bb13a2f1
SHA256

99c3c0ed23b9fe641a165bbcb960ff837792ddfbcfdb9556f1a9cdd483c4f083
SHA512

60a89d767224bc7ab307f8a071cb8e560dfdcc77aa99606b554b07ef969feccb0da04ef4057f2293928fdc6abf03dcf8701612af74285d3222c1b458073b7499
SSDEEP

3072:IcvFBwCYFpiFIBUsVo6On1b1QcYT9Doh+4EASNV:IcvO3e6Atecsoh+4jS

Score

10^/10

bartlnkvideo redline

Malware Config

Extracted

Family

redline

Botnet

bartlnkvideo

C2

80.66.87.52:2500

Attributes

auth_value
b68ae6d0a137b26547ed29989071169a

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

99c3c0ed23b9fe641a165bbcb960ff837792ddfbcfdb9556f1a9cdd483c4f083
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ