redline | 0x0008000000012324-133[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0008000000012324-133.dat
Size

168KB
MD5

bb52609a52de3138a0ebd1c259d477cb
SHA1

734ddf63bcb49676bccfb27c0bb416bbfdd84bda
SHA256

9c88e8fcf6d229cd2716159182ed0ecbbbccc9409d1d391b77304b298e56604f
SHA512

23b9e28509a2b0fcd9fc0fa6e468dad1260f3137ee2f538852fb2add15846ce275cfd4dc6f0ab37c3cc73c5da47e71d3f7e75439e0b5f890d807143712acbaae
SSDEEP

1536:TbVVYb0a24vqlVZRGWHDsr9VeksZL9FLhoiTGqVobu/fl6+W/t83wYk88e8hP:TL9L4OudU/iXqVYkl9W/t68e8hP

Score

10^/10

lupa redline

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

217.196.96.56:4138

Attributes

auth_value
fcb02fce9bc10c56a9841d56974bd7b8

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0008000000012324-133.dat

Files

0x0008000000012324-133.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ