redline | tmp | Triage

Sharing

General

Target

tmp
Size

107KB
MD5

5874b7cecc489466aa7b2e6f15f9e015
SHA1

65c1d5f0805c80b797ba0a07734e4c37a090dd82
SHA256

f96cd73f1247afe82afaa6b582c2944951f23a7e8f7514fcb9f0fbf851b2bfce
SHA512

5d07b06daea71e40d0040c197181fea1c1557f0f62fd417eb7666ecde5adae70dcb69970fa0d032ca23586150767a0c97ac4d4ff19eab28e4315e534fcfd504c
SSDEEP

3072:XcvFBMCYspi4IVpx1xng7ty023Jt2QcFrjTrho4EASNR:XcvK3Rng7tg/cprho4jS

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

78.24.216.5:42717

Attributes

auth_value
6687e352a0604d495c3851d248ebf06f

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ