redline | tmp | Triage

Sharing

General

Target

tmp
Size

360KB
MD5

6abdd81c3cbabb8290e9238776aade70
SHA1

f99dc8749d7a8b52531d119b02bbe3dff0e301e4
SHA256

3b67741574b951d62f01e4ce4a6fc9e1a317512bced10dae3d7c35b5a4fc334f
SHA512

bead6490ebdd2a8683a947d4812b00222733734878ed7bffc04d30e1d5e5fba6c3346b80c1baaad81baadbd2b0ffec05c1b27e63ff0bb5db29a6d383e04f89a4
SSDEEP

6144:JXf85NG5ML9WSnj2ZB4lyAAi56V7KnCP2kC+9AVsDjl6yglSZiNZmF+OW57MERVk:OqiTOQyAAUi7KCP2kC+9AVsDjl6yglSp

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

81.161.229.143:27938

Attributes

auth_value
6687e352a0604d495c3851d248ebf06f

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ