redline | 432c28d3c9df41b34a09867754a5e52f[.]exe | Triage

Sharing

General

Target

432c28d3c9df41b34a09867754a5e52f.exe
Size

134KB
MD5

432c28d3c9df41b34a09867754a5e52f
SHA1

ae22eb68738be66ebcd0703683a5a1c6625ec544
SHA256

d0b0ce1e50010c40e65b1afd4b7b037b3c78d928813d1d3111e5e89b81e1f332
SHA512

c9e20013d4c21b32d3295ae51a26c40f1164d98acdfd1c7a79eecd1c0f5c310e0849887b7ed826db16bdaf05fc0d2b35a8338c34f9115746d1b49f64cd58ffe9
SSDEEP

1536:4QGETCd3RendDFAyE4+/Ws7lxcPW1+jBt80TTjJfAUOlZXbuc+6MPji4l0wuei1P:VGEiuDpONu80fjBAFlZLFdwi4lhXhO

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

37.220.87.2:29444

Attributes

auth_value
54bc6b67c7fbda32080e50164fa7e9df

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

432c28d3c9df41b34a09867754a5e52f.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ