redline | f99f1c412587a58d5f735314359b2a715d7d51af018cd34b90fc6ab3c1369fb5[.]zip

General

Target

f99f1c412587a58d5f735314359b2a715d7d51af018cd34b90fc6ab3c1369fb5.zip
Size

64KB
MD5

b8a37a8a7f142058ce616b8022381403
SHA1

aa0a76602694ad7aa46cdebc44e02adcf0e5defd
SHA256

55ccab98ddbe1121c73dbec6a3f890cdf46264fbb8fa9839b7f355e7ee9a3c17
SHA512

e3cb5da24995f4cd51487ac4ec8a1c29663bade8ffda6744dda507bb775df8f50d41bde0d341f2541983f232bb8b3154f07c7bd7cee01380b15adcd1b9fbf90b
SSDEEP

1536:/2ZIo6QKI8EvPOkvyTbZUzv+Ef3P7VUJADCrKWLrr8n:+ZIo6RI8EvPOhTlCT3RUJAerK08n

Score

10^/10

dona redline

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f99f1c412587a58d5f735314359b2a715d7d51af018cd34b90fc6ab3c1369fb5

f99f1c412587a58d5f735314359b2a715d7d51af018cd34b90fc6ab3c1369fb5.zip
.zip

Password: infected
f99f1c412587a58d5f735314359b2a715d7d51af018cd34b90fc6ab3c1369fb5
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ