redline | 220925-wx71qaghdr_pw_infected[.]zip | Triage

Sharing

General

Target

220925-wx71qaghdr_pw_infected.zip
Size

163KB
MD5

66b39f02f8aab03e7d6b0cdc63eb2718
SHA1

aa002955c8ef7f5c04237a6b0cf271a29109fcc2
SHA256

02600b5f78eb4f1c4ac76e08c96caf54661f1f74a6f2ad6f5c2ea41e5f7e25f8
SHA512

a0c4f5ebd1ca8a1208dbff485bc6e8a63b4b4065d0b4d8a8c04cb46d0a51f3d6115d70b6792091e412cfe5afc8b330fd9685f260aa71752abb79bf2544668916
SSDEEP

3072:+yzQEN5+3bCxGMX/i7Ea270jga9LHko0iMjaK07xc2e9RVGTqSeZJAHQ:+qQR3bqL/igK0a9LBvMbUxwLQTqrMQ

Score

10^/10

0002 redline

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/18a28fa4959dd30b95a18a0e776f8a95f7bee73743168488b388bc5693670a3e	family_redline

Redline family
redline

Files

220925-wx71qaghdr_pw_infected.zip
.zip

Password: infected
18a28fa4959dd30b95a18a0e776f8a95f7bee73743168488b388bc5693670a3e
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ