redline | Builds[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Builds.zip
Size

63KB
MD5

1e9e52822553850011295895b2ddd01c
SHA1

b2261e386db6a6bad6a3c2c2eaeaf3701b0c3e5f
SHA256

70ff817526eb313f496e7f8172a6ad38ac15964c9eb55bc58bb69c19b4ca6768
SHA512

4790f235b64dac88a8f640686515a4e8c2c29b6d28ed27cd2c2829737e8f9a10ed9544f39c80bfbcf53b2953aa714d55578a340eba4b23ea03635a38640befb7
SSDEEP

1536:NdSXcLjJzWafc5o86YEaNXgRZ9gMTIu27kknl0ucRaZ8:bj5WafZIEaNyEXkEl+Raa

Score

10^/10

setup redline

Malware Config

Extracted

Family

redline

Botnet

setup

C2

13.73.231.149:28450

Attributes

auth_value
cb524d107a7e1891b47601cc57113112

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/setup.exe	family_redline

Redline family
redline

Files

Builds.zip
.zip

Password: 1qaz!QAZ
185397198_332489478295497_2766143383385722271_n.ico
setup.exe
.exe windows x86

Password: 1qaz!QAZ

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ