redline | fea8eab82a085398391ac96558f6bc65[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fea8eab82a085398391ac96558f6bc65.exe
Size

137KB
MD5

fea8eab82a085398391ac96558f6bc65
SHA1

f4d6816e467b6f6181a9ee6b113a14514d138988
SHA256

8a7a6bc99964a47bad4fe20d6270ea4bd4b35ef1c7add8a682292a175b409edb
SHA512

25e32b4bee45d8fcc6813f35c4f4ab4082e8b0b3eba47a0e25647f0b8d0b5240607badc4e75c13f84a75e0744778de19c605c278852f52e2fae8ff3dcfbfbb8b
SSDEEP

3072:nYO/ZMTFPXuIQj/9TPOaaX0VzDFpCRP+hDSSI6a:nYMZMBPXuIQ5POaaXc2p+hd

Score

10^/10

luxe_cloud redline

Malware Config

Extracted

Family

redline

Botnet

Luxe_cloud

C2

45.15.156.3:8296

Attributes

auth_value
b9a29549c8e6859761e0fe242aa85e87

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

fea8eab82a085398391ac96558f6bc65.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ