redline | 655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb[.]zip

General

Target

655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb.zip
Size

86KB
MD5

bc254c5fd6fc05ccc7f9386418259313
SHA1

463d1de42d09636afc81b989ebf93d53988d86e7
SHA256

380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b
SHA512

057e03467dfb2d552b706ad1b924179d9446b7397b9bc23fed4c3b6d44e8998763f2262d38d0d222987f84d66e9ba7cd3b9362944c36bb3c7300673a6316dda9
SSDEEP

1536:zP224wMQEFK26daCKUtZjOBYluT5gDXjW+oqXD+rsJq5c8D08oDp8:zh4ZK26IUuC7jWu+rrvUDu

Score

10^/10

debra redline

Family

redline

Botnet

debra

C2

62.204.41.211:4065

Attributes

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb	family_redline

655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb.zip
.zip

Password: infected
655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ