redline | 53bff074cb42df5106e24a0c3ebeea5b[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53bff074cb42df5106e24a0c3ebeea5b.exe
Size

95KB
MD5

53bff074cb42df5106e24a0c3ebeea5b
SHA1

11b7a4e40fe451f4b02448dc3b1b41851db2b42f
SHA256

cb6d66cbdcf25b7d8ec480a8488a3adfa55b2344b1da80ad375d02e09062d8a2
SHA512

dd1947ab1cf61597c1c72a124fa285dc4481c2a5fd42107273920466728f217413d496ae79b38f9e860560543ee49e36f15c9a5b3686b9fddc84fed3f4d0fd96
SSDEEP

1536:NqsCoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2WXtmulgS6pIl:731FYH+zi0ZbYe1g0ujyzdjAI

Score

10^/10

first_build redline

Malware Config

Extracted

Family

redline

Botnet

first_build

C2

194.190.152.20:57105

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

53bff074cb42df5106e24a0c3ebeea5b.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ