redline | 0x00060000000142cc-106[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00060000000142cc-106.dat
Size

168KB
MD5

d84b3db9460f343ec1881079ac468374
SHA1

287356cd15004fa5e908debf32cac1f668df9f84
SHA256

30d9d39c3108758e6b6c5723e54b05d3c9dfb80350374823d65d404940af464a
SHA512

ec600671bd462bfca9e08b9cbdcf1732d5753b5c2323cf2ab1c22594f552404363c7cf0f216b3ec123e000f256277422a8d0dd0c9c89916d71f43df207a11974
SSDEEP

3072:ar8OrVrw8WbTQqVMU/X4nDH10iCrTQcg8e8hH:adrVss73DH10iCrTQcg

Score

10^/10

lurfa redline

Malware Config

Extracted

Family

redline

Botnet

lurfa

C2

217.196.96.102:4132

Attributes

auth_value
f6c26c2a5c6c25ae5b2e9abf31f6341d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00060000000142cc-106.dat

Files

0x00060000000142cc-106.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ