redline | 307ebe4e9be27732b92d2f89f2fb3be1babed8b237d9bbb239e733919d99bbe2[.]zip

General

Target

307ebe4e9be27732b92d2f89f2fb3be1babed8b237d9bbb239e733919d99bbe2.zip
Size

64KB
MD5

e558a0d896b5cfea266cc295c45fad3c
SHA1

47b2dd2618e16a07f919cf986d9e9d7225ee43a5
SHA256

87a8176ad728f993cfbbc18e3a76327e602378800dfb6b35bc533d1162cd0567
SHA512

b7e55988e2896b2991e97e0b563c4ad5f5cab842d2803d0bb2238fa6f453a2974e9da332babb656a7f36f27ff43353c416da69f0825ef0d930e797d755e771b9
SSDEEP

1536:rj8ibNb5L/lAnJPSmHUDAMjcARnWHRTVD5l:rj8iV5jlAJzAAMjcqn2Rt

Score

10^/10

dease redline

Family

redline

Botnet

dease

C2

217.196.96.101:4132

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/307ebe4e9be27732b92d2f89f2fb3be1babed8b237d9bbb239e733919d99bbe2

307ebe4e9be27732b92d2f89f2fb3be1babed8b237d9bbb239e733919d99bbe2.zip
.zip

Password: infected
307ebe4e9be27732b92d2f89f2fb3be1babed8b237d9bbb239e733919d99bbe2
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ