redline | 12395994c2a77067d926bd55285ab85a[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

12395994c2...5a.exe

windows7-x64

12395994c2...5a.exe

windows10-2004-x64

Sharing

Static task

static1

service redline

1 signatures

Behavioral task

behavioral1

Sample

12395994c2a77067d926bd55285ab85a.exe

Resource

win7-20220812-en

redline service discovery infostealer spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

12395994c2a77067d926bd55285ab85a.exe

Resource

win10v2004-20220812-en

redline service discovery infostealer spyware stealer

windows10-2004-x64

6 signatures

150 seconds

General

Target

12395994c2a77067d926bd55285ab85a.exe
Size

193KB
MD5

12395994c2a77067d926bd55285ab85a
SHA1

4e49b31beff786ee2366557d53a5bff774c81de0
SHA256

ecf6f9dbb2194cf0f5690fa57d6c473974a8449bca5cf7a7183996bfd34c4536
SHA512

5b15b579133a5f6d45c49afb49716325837072ee485a3190c351cfd14cd37be71b34a4802b189ab020251c441d3a6e5e94ba52242b8a32d2d7a27f5d36e8b870
SSDEEP

3072:WSC+pNP81Q3kCNDsno0XNH8XJgYSwcPb3WMeaCpiu+:WSC+o10snjfE

Score

10^/10

service redline

Malware Config

Extracted

Family

redline

Botnet

Service

C2

45.72.96.146:20806

Attributes

auth_value
13655ee9f4d9e76c00ac494b53295c86

Signatures

Redline family
redline

Files

12395994c2a77067d926bd55285ab85a.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy