General
-
Target
526c48fb176c9dd5a9395baf8f5c8838.exe
-
Size
137KB
-
MD5
526c48fb176c9dd5a9395baf8f5c8838
-
SHA1
35cbc8b8e14914ae7d12e5129545a63a61b5b73f
-
SHA256
31eb714b9056028fc51c85cea648a6c86a39c0f3fa1e140c142bc926ff67bf95
-
SHA512
b8e4af0601021a05453e4ae4271d87f743eee6c02f6a8b85d967a7e220609ea42c82beed84b7d2a9dd0652edfdcdc1d6792502a9c759fb4e910ef7ed53b18298
-
SSDEEP
3072:SYO/ZMTFzrEIjLHy17leDQ7R7V1DFW7RX5hdSSl4:SYMZMBzrEI/8lOQ1uB5h
Malware Config
Extracted
redline
@xtng1337
82.115.223.45:5435
-
auth_value
89c32838f0ed190d685fbc00cc7a6b3a
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
526c48fb176c9dd5a9395baf8f5c8838.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ