redline | 0x000600000001af04-180[.]dat | Triage

Sharing

General

Target

0x000600000001af04-180.dat
Size

145KB
MD5

c38d5e7db1667f8d55fbbc2ecb41f76a
SHA1

6386841710e2c3f4020c30b89bfb2eedc2015d95
SHA256

7e53171ba52db52945e1aaf352b2fee6aa126c583869d3cfd3d05d6dcce8ac0b
SHA512

3397327bc5e70db7cc70165053c3bda2be919839d883bd50e9547e5efee762b68846c97e75c1ad6d990c5c76454b8456e205f29821fe4608a1ea7d8106b3a955
SSDEEP

3072:PV+m5chQmRSZQ1avem1eJwfUuMyNiOhjZR8e8hX:PjENURTIOhj7

Score

10^/10

muser redline

Malware Config

Extracted

Family

redline

Botnet

muser

C2

77.91.68.253:19065

Attributes

auth_value
ab307a8e027ba1296455e3d548f168a3

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x000600000001af04-180.dat

Files

0x000600000001af04-180.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ