redline | 10428217774[.]zip | Triage

Sharing

General

Target

10428217774.zip
Size

40KB
MD5

9dbde64c63caf317b84525c37ed1fa1e
SHA1

3426f6e0d32ca3157cb76237557c2b6d92bd8ef2
SHA256

59f9e8cd54da775f354624a7f8dfb9e2b6bea1004e1c06284a6e27f06e04d662
SHA512

9d564ca50f4c63b2ded78f91376c5a0ad1ed9068c1265486e884783a67ee71539f321ec8a140987f72bdc9b1beb68a5b63d5d2adcc0528494b1f34eba000ab00
SSDEEP

768:YyR4PuzV3acVrFX59ptWLlZLMT/8ruLmjlY03mKWi5Pu3ina/oPPqxPqckCysd/R:x4PuJVN9+Z4EiLeWRK195qoPyl5k1sdp

Score

10^/10

qqw redline

Malware Config

Extracted

Family

redline

Botnet

qqw

C2

193.124.22.17:23520

Attributes

auth_value
f9f2a7ee947bd248f18c6dbedb74f28b

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d04951d424700519562f7a3a4903ad4b55996f4f995f1eb0877493244bb21670

Files

10428217774.zip
.zip

Password: infected
d04951d424700519562f7a3a4903ad4b55996f4f995f1eb0877493244bb21670
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ