redline | main_payload | Triage

Sharing

Copy URL Twitter E-mail

General

Target

main_payload
Size

422KB
MD5

7ffe9f03cea4c6f27e298887c391b9a5
SHA1

1685da197af064739b5858292fceeaa81147ed72
SHA256

9658a30047665e394267258f77265646edc0fde248a8ff91d28246155cf35f99
SHA512

3acf1be8120c55941e4fa21f39b2e43ce2cad36c93f06733f4b62f8d35203ffa18721f9bdc37aa905409d3f63a061a17148347d206f1122424e2647fde227b84
SSDEEP

6144:2YMZMB+dLoPjnNtWAA8hilXly3WRDu9r6o1XE5vIJkGVoL2Y2:2YGMjA8k1eWRD232wlCa

Score

10^/10

millionbaks redline

Malware Config

Extracted

Family

redline

Botnet

MILLIONBAKS

C2

195.201.122.190:40127

Attributes

auth_value
4936a4b785b5f463bbe10202e0ae4554

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

main_payload
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ