redline | extra[.]exe | Triage

Resubmissions

18/10/2022, 04:21

221018-eymbzaedg7 10

Sharing

Copy URL Twitter E-mail

General

Target

extra.exe
Size

137KB
MD5

0072395e192397b4f98bbb6852d1d495
SHA1

8246494746644b90380a4458e9248e7f3341ad8f
SHA256

f6eb83f11c4e97e037def9bcca9685beaf38e7a172f4b60e28ba9b479657db2c
SHA512

1c5cba2c03ccb36faf837a69f89789f854e5625a428990427d2fca796864420b5648889157ef79efc10b6873a59e640aa6ac4a6ced1652927f3f9eab0b7d9e5d
SSDEEP

3072:qYO/ZMTFFR4vIwr0T3zQaabwVyDFZyRP/hASSw6R:qYMZMBFR4vIrjzQaabZGp/hy

Score

10^/10

birjro1 redline

Malware Config

Extracted

Family

redline

Botnet

BirjRo1

C2

79.137.197.136:23532

Attributes

auth_value
278e5c62cf6a9bb4e0ab732b17b0368e

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

extra.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ