redline | 0x00190000000124a1-117[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00190000000124a1-117.dat
Size

145KB
MD5

739ef005b51cba4b1e0de82e9b58a61d
SHA1

d7459390321a685dc41f8b1332a7ac241d88f8a9
SHA256

864aee09f6f0d208654ba7e92d4f6491a6cb049401367a8b1e2f9e4cfe3987a9
SHA512

8bb45bd9d82c217c87d1e0ca987bee74ed9cbb808e26f9e2e6f1413a4be9f24f1d8720179067d80f0d7b9c2a2c0d85a8b68da46824d4352a4b0b1f48a2434761
SSDEEP

3072:oV+m5cNQmRSxCvkXEOnNAZvhgGhjZx8e8hN:ojwUDN/Ghjb

Score

10^/10

momona redline

Malware Config

Extracted

Family

redline

Botnet

momona

C2

77.91.68.253:4138

Attributes

auth_value
87572b6eba8b01e3c20c8c58bcf1146d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00190000000124a1-117.dat

Files

0x00190000000124a1-117.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ