redline | 397884cd03869685af9d3e4ae37085134c2e8bddc69e6ed8720ba968acb94506[.]zip

General

Target

397884cd03869685af9d3e4ae37085134c2e8bddc69e6ed8720ba968acb94506.zip
Size

64KB
MD5

39068d36498337728c73b32c3e048b00
SHA1

839d85faa448a7a412552229824652f76075c177
SHA256

a657ae5de497027a09f836ef5b883d74a570f4d06b6c9740a6d719a0dc64fcc5
SHA512

ea45b072b9d3d05e259457b6abe773e211e67d6d5ba04ca095c8274e20a497e6e00ad90a91e7eabc1ac7396f3fed20e17c9ddb03a55620ba4fa31efb7beca127
SSDEEP

1536:wK+JOJVDokrqrbGXkOiAZCberAcu1Kc60ngw0UBTGArbciZDX6:wrMJVNOvG2irhWJpgwRTPbciZD6

Score

10^/10

lipo redline

Family

redline

Botnet

lipo

C2

217.196.96.101:4132

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/397884cd03869685af9d3e4ae37085134c2e8bddc69e6ed8720ba968acb94506

397884cd03869685af9d3e4ae37085134c2e8bddc69e6ed8720ba968acb94506.zip
.zip

Password: infected
397884cd03869685af9d3e4ae37085134c2e8bddc69e6ed8720ba968acb94506
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ