redline | 0x00070000000133d2-115[.]dat | Triage

Sharing

General

Target

0x00070000000133d2-115.dat
Size

145KB
MD5

2aac0d1c006527cccfc3853abf82bcd4
SHA1

86c28e77e1bd0b46fb76b89537926702204aeef5
SHA256

204842d04e8ce0f6431e12622f19b0fcd66e7b5c5975e5ecc415e48226767efc
SHA512

013cfe7d1c73bd4889a5e63dc2fe792f7db3bdf8dc9fc1284fe85aa8035e5ad8c3a115304ee05376846e6a6c9a7e59f4daf4ccb72dd6c53a3a25563f3cad5f3a
SSDEEP

3072:lV+m5czQmRS933BaSrJVcXdhQZJ8e8hL:ljKHYUdhQz

Score

10^/10

motor redline

Malware Config

Extracted

Family

redline

Botnet

motor

C2

185.161.248.75:4132

Attributes

auth_value
ec19ab9989a783983c5cbbc0e5ac4a5f

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00070000000133d2-115.dat

Files

0x00070000000133d2-115.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ