redline | 916dc1067d46bb481b6faae16393c8ab1b3ed14a2c7a8e761ea77454ff999c71[.]zip

General

Target

916dc1067d46bb481b6faae16393c8ab1b3ed14a2c7a8e761ea77454ff999c71.zip
Size

64KB
MD5

749bd5bb320753589941bcc6ee499ef9
SHA1

95d96f2d8072156500d7c4c365a6a26a307499e0
SHA256

ff0eb060af1dc0db092286f2d8aee0f38484d0449e5f76f8e3c913522aa3ed5c
SHA512

4b71e1b7488ae4a6964fab673330e9474579cb98fda9add0454c7dfbc0d5251d4b5039b723b76d2b33ae4cb25ff2a02ee7d5551337bafacd639516451bc8dd67
SSDEEP

768:D7XpbkjCSR2owtUQwAYVEoLqczX/zyWYVbrtB0eb4Xxp6SZuLTHBqY7qin+bNG9T:nxkGE2o0CBbLtYVbJ6eMXxwJvdnW432W

Score

10^/10

douma redline

Family

redline

Botnet

douma

C2

217.196.96.101:4132

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/916dc1067d46bb481b6faae16393c8ab1b3ed14a2c7a8e761ea77454ff999c71

916dc1067d46bb481b6faae16393c8ab1b3ed14a2c7a8e761ea77454ff999c71.zip
.zip

Password: infected
916dc1067d46bb481b6faae16393c8ab1b3ed14a2c7a8e761ea77454ff999c71
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ