redline | 5 | Triage

Sharing

General

Target

5
Size

134KB
MD5

eee2a2e19ac7981a8b8c2034a5189bca
SHA1

d4b93c2a3785a26c8561212cf17bcf553e0d0910
SHA256

3e932afdaec3ccf18e5dc0ecaf45d8e1f7e150e2adb1a9c92dc0430ad1902fd5
SHA512

cbfb51d6ba65f76521cea1df8d22e2e4f38b5df3b4f5219a4a5e5ea44a57bb3515320385a61d8350939dba20791291a4a6bf1656a1940ac0f5db95ecf5ecbc97
SSDEEP

3072:5GEQua8BQCMakbvAFnJaFvwOQThtyBfG:5GEk8Hcy1PThy

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes

auth_value
c425d353638c8e0ad4d560ef01a33228

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

5
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ