redline | 0x00080000000122fa126[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00080000000122fa126.dat
Size

145KB
MD5

2be10f40c42445516d763b84f275da2f
SHA1

8d513897c047708ef76fd9c4ac34d4c2c56e4f0b
SHA256

b96f3ac17d9de87ab7b8f0d9bee4e161d67cbc775f0685864d01d96e806c5096
SHA512

46b3386ed6801c342f1a6f8c4ff0c96c2f2959e4c63a5218177ae505c514efbe3d72192d4ceecc1b613bc84fa46993e37ac4cd4c329de026d2ddc0c2a5b2cd04
SSDEEP

3072:iV+m5c9QmRSROxKx56+h+Fra8dhUZy8e8hc:ijAfxf+ADdhU4

Score

10^/10

muxan redline

Malware Config

Extracted

Family

redline

Botnet

muxan

C2

185.161.248.75:4132

Attributes

auth_value
d605be949bb645b0759bf765eb7e6a47

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00080000000122fa126.dat

Files

0x00080000000122fa126.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ