redline | 73096617035a06fc8af586f03ed811ae75f592ff0632c9fcdc3f4bd5c0a8efeb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73096617035a06fc8af586f03ed811ae75f592ff0632c9fcdc3f4bd5c0a8efeb
Size

137KB
MD5

a614bd07db7669b66a3f4984acea6eb3
SHA1

429b4689440f375dbfe8dc0311c0d387f5e51b04
SHA256

73096617035a06fc8af586f03ed811ae75f592ff0632c9fcdc3f4bd5c0a8efeb
SHA512

50ee0c886ba607fe6f0f36d224aa19ffcba1843fcbe1b8de9732c2025f68609f984f0681444e758be7361a64a1f16f5758d90971d1b0e01d9e44643eddcff1ac
SSDEEP

3072:8YO/ZMTF/n+IILj04xkk7NgfmWFIyaXJhASSMM:8YMZMB/nbI8F5m4iJh

Score

10^/10

3ae redline

Malware Config

Extracted

Family

redline

Botnet

3AE

C2

184.105.114.47:38755

Attributes

auth_value
816ab54fa1e0d0d0ae8d488334211f3c

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

73096617035a06fc8af586f03ed811ae75f592ff0632c9fcdc3f4bd5c0a8efeb
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ