redline | build[.]exe | Triage

Resubmissions

12/01/2023, 00:09

230112-afje5saf3w 10

12/01/2023, 00:05

230112-ac5tzaaf21 10

Sharing

Copy URL Twitter E-mail

General

Target

build.exe
Size

95KB
MD5

a24c8182b414b68c7bb4de20b944d8e1
SHA1

b21cd7fdf48103d6e64a69176cd1edf0554b9b3f
SHA256

b4a7d1e6d919ce4767dc0fd37d2594bab3fd07c7630020e6e9dc9ec166947dd2
SHA512

92b5df941b6c3fbaa119682445fb93834c0102e4d49974630bf046088b0716dbc16def332110399b8df978e66fac8b8d9734a91593871de6d2fd0f465d194afa
SSDEEP

1536:1qswlqWWlbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed2/3teulgS6pg:zgReY/+zi0ZbYe1g0ujyzdzg

Score

10^/10

cheat redline

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

127.0.0.1:57857

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

build.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ