redline | 0x00020000000225e5-209[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00020000000225e5-209.dat
Size

168KB
MD5

d95931952b95aaa70dae48d7c059e5a9
SHA1

7c871e42b2d7e855e9aabf611b0eb19fa435825d
SHA256

b7bbe021315ef8cba7e55a027941f8062992bba563b376b75712072ec4dccd21
SHA512

aa8b8256155dd9bb6ca6dc369c68a1a60c2f1cedfe2097e2c61410337f074b2794d7ee19a41ae4daae223c43e43fc5762b366751c53ecce50aedc13d354a0ece
SSDEEP

3072:uJaohQaSe5clFcb0iCKbqVsTQZxTcVL8e8h2:uJteaSe5clhiVwxTcVL

Score

10^/10

mazda redline

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes

auth_value
3d2870537d84a4c6d7aeecd002871c51

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00020000000225e5-209.dat

Files

0x00020000000225e5-209.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ