redline | 48a23aa3218539f006433cace2d210ac[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48a23aa3218539f006433cace2d210ac.exe
Size

137KB
MD5

48a23aa3218539f006433cace2d210ac
SHA1

ff971a5e22ded44ece04f5d55f4da7f506f932dc
SHA256

61b6f378708dad610ed8d4665cbe460d91ffc2615adc28817c2c3f01352b00be
SHA512

829f5a76a895d4994b7db011f2a5d305bc9d5028ee7278491f120045529e6b980d8a683520a1aaf3c6d2162b983aed3db240094eeafb1bb30cfd499ca05fc028
SSDEEP

3072:nYO/ZMTFVhLzZLuU3spuXBpV/8DFvyhPLhESS0v:nYMZMBVhLzcksEXWcZLh

Score

10^/10

acula не трогать redline

Malware Config

Extracted

Family

redline

Botnet

ACULA НЕ ТРОГАТЬ

C2

80.66.87.21:2500

Attributes

auth_value
49abd863c99911e0040c5266436f34cf

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

48a23aa3218539f006433cace2d210ac.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ