redline | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

95KB
MD5

67bd89ea499879545a4784b1ba387b91
SHA1

deda531f1dd4184cbf9bd6510ad7dc031a70d881
SHA256

3fa6c58111fc4206801bdfba23fbe2b3750b0b2dc91e191568f7b31d35f86a27
SHA512

3d7750efaa0ba73a3e708a845590789d4c385e47397819343e2a4ae2dadbe7d151c3d1fe0a866bf579136fc30450610b3f993696015a6ece54d80ed285eb9f7b
SSDEEP

1536:FqsIaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2xteulgS6pQl:D3ZeYP+zi0ZbYe1g0ujyzd1Q

Score

10^/10

@pr0xybro redline

Malware Config

Extracted

Family

redline

Botnet

@Pr0xyBro

C2

37.77.239.239:15352

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ