redline | 0x00090000000122e3-78[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00090000000122e3-78.dat
Size

145KB
MD5

94aaf45de0651add35a6c12af1aef3cb
SHA1

db83b68bc331ee1e86a6f8f02f739e6f218dca8e
SHA256

5badf6613f8a3fa641123089f63cb079a52b90b0ffb636a964d78cded15f46e8
SHA512

2457d6aa0b72cf7d1fe9a8ec1be5f1deb76a0c8f09d258e2e736d236acaa9c4ab8d3a7f8d610c3638464014e17487985cbb16fc80de9e409c91b1ca74d01e811
SSDEEP

3072:UV+m5czQmRS9xQQ+SDjQS4lheZZ8e8hL:UjKGOlhej

Score

10^/10

dizan redline

Malware Config

Extracted

Family

redline

Botnet

dizan

C2

185.161.248.75:4132

Attributes

auth_value
b14d665c7bca8407646527036302d70c

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00090000000122e3-78.dat

Files

0x00090000000122e3-78.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ