General
-
Target
1c0a491e520fdb97b485b59813222b919a6a4e8e23119d01e68653b289a1c586
-
Size
363KB
-
MD5
e16e7d3da56d8f9414564093ab03a2fa
-
SHA1
b4da3c4330b5a94055b02eb5f78fe590f6dcc4c4
-
SHA256
1c0a491e520fdb97b485b59813222b919a6a4e8e23119d01e68653b289a1c586
-
SHA512
d40163189f8aa032968ba5c1c6c583f351b5279a43a24bcafc5b68fc082e8a616751c22338cbf4ea7b79df5ddd3f15142133cbc720e8042867c6101cfefc888b
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
1c0a491e520fdb97b485b59813222b919a6a4e8e23119d01e68653b289a1c586.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ