redline | 08eb83ffe35f59101fd300683a84c476[.]exe | Triage

Resubmissions

19/10/2022, 13:44

221019-q1yzbsagcp 10

19/10/2022, 06:01

221019-gqwa1segh8 10

Sharing

Copy URL Twitter E-mail

General

Target

08eb83ffe35f59101fd300683a84c476.exe
Size

137KB
MD5

08eb83ffe35f59101fd300683a84c476
SHA1

f12281bd4d8e25768630837960143b41d3d18b83
SHA256

dbb89b29b975f4980439d7e341504a54359ad9a5b7ce68ee4e4bed4b6fb921c8
SHA512

6f665f30a12499e548bf0dd059d790ac55397925892fdd81bc140f55a3bee896ff0f9b3eec85404e651a5d88fc3cad61484669b2728cebf1d85325fc984851b4
SSDEEP

3072:3YO/ZMTF5HBICjUbX8poNYVwDFIywPKhaSSV6D:3YMZMB5HBIhz8poNvxoKhT

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

41.216.183.52:9882

Attributes

auth_value
dbc0bb98e4ca0aa868f2f920f1730b02

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

08eb83ffe35f59101fd300683a84c476.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ