redline | 0x00080000000122df-116[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00080000000122df-116.dat
Size

145KB
MD5

8da51650e744dee9cb2cab2c6c3b3943
SHA1

8910410a4b453e21bf6e3ad7a8771f9efed2d53f
SHA256

0c9f8545e319ee882fbdb45e84975d3b1034d86b4abf261b8d1b49dda6bf37fe
SHA512

8512ba2d85d1bada8f39cd1f0551ddf59ea91c978cd1b2ac9897dde5dee06b63e7df876ea774be43d2e8ab9aa9f679d08aa314d0ae8eaefad2c1f091741203da
SSDEEP

3072:FV+m5c/QmRSNAwMqLza9nDEFth2ZG8e8hR:Fj2FD0IQth2c

Score

10^/10

luna redline

Malware Config

Extracted

Family

redline

Botnet

luna

C2

77.91.68.253:4138

Attributes

auth_value
16dec8addb01db1c11c59667022ef7a2

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00080000000122df-116.dat

Files

0x00080000000122df-116.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ