redline | g6344282[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

g6344282.exe
Size

168KB
MD5

c9c9e2bac6fcda7584a01db62be4f82b
SHA1

a06fa1d010d2691e3e4f44c6e0577b6868c897f0
SHA256

79024f53e763c48298de616f4cf8ac700e1baee320025af9d0108fcca0a5006a
SHA512

5abd7e593773ef6f5289e7ff5217c7184e69363f3474b09870ae55ba58dfed0d4b2b05eb6b585e26d5518a0ba26f5034c6afa1961cf3c5c9e592d25dbbd19afc
SSDEEP

1536:ifWUYxyGqlVZRGWFxDrkNla5RKDecm+sVsa+ZTGqVIbuSN5IDoVayvp83wYkB8e/:fwBN5fp+dLoqV4lIkVayvpr8e8hi

Score

10^/10

dease redline

Malware Config

Extracted

Family

redline

Botnet

dease

C2

217.196.96.101:4132

Attributes

auth_value
82e4d5f9abc21848e0345118814a4e6c

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
g6344282.exe

Files

g6344282.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ