redline | r36622334[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

r36622334.exe
Size

172KB
MD5

331f6fac8d871a97d75c5da4af1d5859
SHA1

edfc017d0bcca50cf1ca1eb9f02d46392ac03d68
SHA256

53e148159ff9d9af61a3c0e5e29b99929e33d88d99c348fa6b8305c362ce8a74
SHA512

61baf95ac1476190adb6f02a55661502a376696c9e38d1ddd5d8d9588c5386547d5e2313be78d64e6b88caa63359fee45f732ebc49c910c610e202ae3467d6ad
SSDEEP

1536:ZMtBxUqlVZRGWW3pasr8x8DWGPvyJqFaR8RTGqVabuZqp5F2uPB83wYkp8e8hd:+tbk3Uxel6JPRjqVOs2X2uPBH8e8hd

Score

10^/10

dark redline

Malware Config

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes

auth_value
ae85b01f66afe8770afeed560513fc2d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
r36622334.exe

Files

r36622334.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ