redline | rk728794[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rk728794.exe
Size

168KB
MD5

c5ab4a92d7b28c9e63598bf2eeade8e2
SHA1

e436d4127b8b2ab606d9815543b0d13c5d3b9c83
SHA256

9fdf95fef12de09adfacb495304be004bdd286c24f5c65e4b476a9b77e3d16fb
SHA512

ebab87641725b6d1849969abce588c4e6d957da11492b24bd37ca88ca9f010cd53d054116ce67a46cc6f82622f99779a4bbfbd28c9b62eb545396ab56372cf86
SSDEEP

3072:Mslx3S2F1lxJoYM0s2vqVc6F71F/aJzu8e8hQ:jlcUq0saOFfaJzu

Score

10^/10

dezik redline

Malware Config

Extracted

Family

redline

Botnet

dezik

C2

77.91.124.145:4125

Attributes

auth_value
afab3a79f84bd5003ef2824211bcf14e

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rk728794.exe

Files

rk728794.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ