redline | Reassert[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Reassert.exe
Size

12.0MB
MD5

079feda86cace84e8ca835e146ab0f0c
SHA1

861f07dde91050ddde3dac3661df026522978ba7
SHA256

519473fca2e44db4cdad27b01ad3282b0dda78a0709c16d4be200fd2086595f8
SHA512

d501c800d79eb4c5f491f59042d8738e05d2c814ab50892f94eab978d4219e77726d07e5ed722251b06c91236e46f4a00b252e8378dbff5d6cad77086cfee0fe
SSDEEP

1536:W9GETCdPRendZAye/9feF5rUFELstndfAUOyV4obuc+DMPjhQco0wuei1+b3d34Y:+GE6ud2hxtAFyGYFywhQcohlGLc

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

79.137.192.7:39946

Attributes

auth_value
1724466b9f82e0d737247a7e8d9ad8a3

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

Reassert.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ