redline | 0x0007000000023169145[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0007000000023169145.dat
Size

169KB
MD5

b5fef1042d166a97faf1e19ef1eb6f99
SHA1

f0d19ad8c8ca44609816c848565cc5ca2cd19e75
SHA256

7c0e89e1c3c63623bfe80d95439b2b10d94a71314b3901b99d808af0e6cb0a1f
SHA512

259c226983524da211d364aa16783d92ba390dc444c8dc2605e247b326965acbbcf3e020f83e1155217754ac5e29416b32be37d4c348765192e0e625bc88027c
SSDEEP

1536:bO5wJnqlVZRGWbD7irbYzNegMVBq0ZjTGqVQbuVP6yue/b83wYkz8e8hy:bO566sYOqAuqVgc63e/bt8e8hy

Score

10^/10

darm redline

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0007000000023169145.dat

Files

0x0007000000023169145.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ