General
-
Target
c55dfe59731bc3cc8006e5df3a4882014ed9e6fb632e8982eb7ebf1b7a321c68
-
Size
361KB
-
MD5
577ba4f5a9d1f34f04da919313c5174f
-
SHA1
29eee78f840776ec4eb9621ffe032d0d91d4df9e
-
SHA256
c55dfe59731bc3cc8006e5df3a4882014ed9e6fb632e8982eb7ebf1b7a321c68
-
SHA512
0ccb36b80d748b1734ade9d87e946f7d9c44637cd5fe8d7d73ebab41ac0be0e3e5b0fa21d8022da3cc95f1e2ec33b7f62328e6de593567b7bc0bd80a3ac83e1e
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
c55dfe59731bc3cc8006e5df3a4882014ed9e6fb632e8982eb7ebf1b7a321c68.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ