redline | 37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009[.]zip

General

Target

37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009.zip
Size

89KB
MD5

4efc88818818ca493823e7efa29bc043
SHA1

9acddd52621bab8ae29a2b6a96e65c6bbbc284be
SHA256

6af78646c93d5ecbc4474e69575e4ff8d89574c88e64b3493cb4c6f1350a7c65
SHA512

4e59bbbccafc067262f0070341d9b76f6c126c9a5815ab7716639eff9c4bbf71777fd30e78b0b7f8908d0fa80d2a78d914ea450aad1b078212e03ebf7c839249
SSDEEP

1536:aodB7dH26SgVO+EeU9ObPl3vQqcUax7EpigcdT2kq4HIP3iU1VkwErJzeuCBWS7R:aozZ27gwveU9GxwUQwp7UT2TaTQlYVx2

Score

10^/10

redline

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009	family_redline

37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009.zip
.zip

Password: infected
37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ