redline | 0x0007000000013990-106[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0007000000013990-106.dat
Size

168KB
MD5

51564b7c4f9e0a040938096d731cddaa
SHA1

ec1c39722be8c4e183f8a923e58363832bae6027
SHA256

83537ff8df3abfb11326fc4f36e10dc8796998444e21ebdfe174bc4fff5b29f5
SHA512

b26710ce569fbe1dbbf9ceb465dd2c4f348de3c947fc557e32f65494d6290554319b6daa9c7789b6c7d50b8d0fdd26c03e7e330b983b0156f937166ef7496494
SSDEEP

3072:rC3YAOj8Wc2CC8cO7qV2k2obrgOdZ8e8hr:8YAh2CLdVOrgOdZ

Score

10^/10

mauga redline

Malware Config

Extracted

Family

redline

Botnet

mauga

C2

217.196.96.102:4132

Attributes

auth_value
36f5411cf117f54076fbbb9ea0631fee

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0007000000013990-106.dat

Files

0x0007000000013990-106.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ