redline | 0x00060000000142cc-106[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00060000000142cc-106.dat
Size

168KB
MD5

9b12918716e8f843d48ff9244b136e9f
SHA1

fd227b2258d02b3d2302d09f6a8d622a6a8e8f29
SHA256

3680bdabf5d32439c1371a82e80ad992910679ea1045ad894b4b10d2904cc4e1
SHA512

13b952b5dbc155f6ef74c271928536b4d6ff75a1b334524286476df8876fdaa2cb06cc6257a26785b5094fb0c43d8a66c51ef57f8097918cec4eacc5fb33ec98
SSDEEP

3072:ar8OrVrw8WbTQqVMU/X4nDH10iCrTQcg8e8hH:adrVss73DH10iCrTQcg

Score

10^/10

lurfa redline

Malware Config

Extracted

Family

redline

Botnet

lurfa

C2

217.196.96.102:4132

Attributes

auth_value
f6c26c2a5c6c25ae5b2e9abf31f6341d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00060000000142cc-106.dat

Files

0x00060000000142cc-106.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ