General
-
Target
b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9
-
Size
361KB
-
MD5
89e4eb90b899082316ddf4dc4c478217
-
SHA1
8420849ae27e6985dd1a97833a20283c9838ba67
-
SHA256
b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9
-
SHA512
a58eff777c1bea40fefb47396e9974b5bf2f5c09e76940e43dce1898bdd6cd0573d632d58136b2059e2291d7edfe81d3cfb4d8b146645af6399a336ecb100bce
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ