redline | 0x0009000000012314-78[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0009000000012314-78.dat
Size

145KB
MD5

e6f30d40bc82da45356bcb0c3b5c45be
SHA1

b6eef2504eba6a57ce53b99d28c848697c299bee
SHA256

acdb747cda937841605c5d192fb019dad54855090416900c540a70147b152bd3
SHA512

95e6c379dc4d57da8c48990114bf49a4fc4b4a8877fab3e90d5a6409b8a4f35cdc4cf93b46eb5ade62c91fb7df53980d6117490e62106dd6a0e6b4b690ea1aca
SSDEEP

3072:UV+m5czQmRS9xQQ+SDjQS4lheZZ8e8hL:UjKGOlhej

Score

10^/10

dizan redline

Malware Config

Extracted

Family

redline

Botnet

dizan

C2

185.161.248.75:4132

Attributes

auth_value
b14d665c7bca8407646527036302d70c

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0009000000012314-78.dat

Files

0x0009000000012314-78.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ