redline | k8475577[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

k8475577.exe
Size

168KB
MD5

112a2f57ae0c342e4f9f9caa8ab21d14
SHA1

4055ebd0ce597822dc1ebf905f5bbcb382dd41e7
SHA256

07f530d36216d19abedfc9065e6507a43b08908fa9f301e39d10449254ae69e9
SHA512

b8dbadd4b35ac3360c9e44666bec9d9c5cb6c84a57497e66d2ce42b76be598551a1a17141a32f998c95ad405f558faf3c0e74ba7f0d89de242be2077f9f58863
SSDEEP

1536:bO5wJnqlVZRGWbD7irbYzNegMVBq0ZjTGqVQbuVP6yue/b83wYkz8e8hy:bO566sYOqAuqVgc63e/bt8e8hy

Score

10^/10

darm redline

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
k8475577.exe

Files

k8475577.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ