redline | 77A77CF7A2CEB4C48803A25DD723B9B6D4CB5AB573BA6[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

77A77CF7A2CEB4C48803A25DD723B9B6D4CB5AB573BA6.exe
Size

137KB
MD5

bd697abed0d959895c48f2f1e41d4c2f
SHA1

a74259ae109550c3bcb5fa3746ba006e6fb2bf85
SHA256

77a77cf7a2ceb4c48803a25dd723b9b6d4cb5ab573ba6c44bc07eef3444dcd52
SHA512

6b8b8232e05452760da9591a7d977e0120d1acdeb9a2a449075abed91f7eecfaf5a13dadcdf869fc3121a98d8bed6a15948b65b149f3202cb96c33b553e30068
SSDEEP

3072:QYO/ZMTFjTDYI7TGgo/aa9hVTDFE5RPtheSSU6/:QYMZMBjTDY0po/aa93EpthI

Score

10^/10

170922 redline

Malware Config

Extracted

Family

redline

Botnet

170922

C2

23.227.193.20:15535

Attributes

auth_value
fc464bdff6348bc01675dc75a7177ac2

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

77A77CF7A2CEB4C48803A25DD723B9B6D4CB5AB573BA6.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ