redline | 1b3a7243e460cae69c7379e4db18b05f[.]exe | Triage

Sharing

General

Target

1b3a7243e460cae69c7379e4db18b05f.exe
Size

96KB
MD5

1b3a7243e460cae69c7379e4db18b05f
SHA1

81ea18f4b4226c9d399f046061917491a05f8987
SHA256

b3eb3e4a5b10031072846f195aaba7454547b00e4913cb418d9c4418552b7638
SHA512

8d493b14242c832cfddc537e898c6ec57127f6cc965b45781fe5999e4dc93bca815f497be02c0cdee3039c3f7e897139cf71ce37730e0e787e58b530e0502083
SSDEEP

1536:V907dc8LdlbG6jejoigI2yYLB3UicrMFW08UAiqumbfcxv0ujXyyed13teulgS6F:o+e7Y2ciRWjUA57C0ujyzdOT

Score

10^/10

1215935142 redline

Malware Config

Extracted

Family

redline

Botnet

1215935142

C2

94.131.106.92:48731

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1b3a7243e460cae69c7379e4db18b05f.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ