redline | 0x00050000000162ad-151[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00050000000162ad-151.dat
Size

95KB
MD5

c13f1415e6391842442bb2155886cc55
SHA1

a8b139793674f838e1b4c08b1060c1b126f36d35
SHA256

1ce891441bba522c7db91ca01fb49dee064287f29fcf77322743874389c96271
SHA512

33eb318ab6122a304ef4379d90330b4d42ccbba3a5edd8bcd4bf66bcac49ae86b567d9921d68e542fa201df90283a5fe47e5fab802798bf119ef68ddd3177894
SSDEEP

1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2W3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdwY

Score

10^/10

cheat redline

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

172.245.244.88:1198

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

0x00050000000162ad-151.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ