General
-
Target
3356cdb2e6d9271613877723bbe636487fe7ebd02769df82af359ef1c0414f65
-
Size
363KB
-
MD5
908f46ca8779899666226355687b2b7c
-
SHA1
a5f3ad5e516fc8ca247ef51fce2c12765e6ae957
-
SHA256
3356cdb2e6d9271613877723bbe636487fe7ebd02769df82af359ef1c0414f65
-
SHA512
1632d2751fa682b22cfc39dc79cc7ba3e16a22a281255177dd8c95027394e5e10d1fde5f1c0089946acadc0e1771606eba5de0ac28d818d7352273c1fe7bc234
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
3356cdb2e6d9271613877723bbe636487fe7ebd02769df82af359ef1c0414f65.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ