redline | 0x0007000000014141-78[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0007000000014141-78.dat
Size

145KB
MD5

c4f5b5ba6adcdf64d75e02038ee909df
SHA1

eba754d7c2bff0202f66884f56313ef44589f840
SHA256

45485213f749720092ec7664839d0bd4e4c35e8e732a725a14c231696bf44f66
SHA512

c31dd5c1233387a8df4430f4da405417e54b25d36d89d2f5e82f3d24d5634019f6a6bb1365307ebe8c626ea7b02e4d6fc966017b42a523ad0183a2cd6f294854
SSDEEP

3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb

Score

10^/10

dream redline

Malware Config

Extracted

Family

redline

Botnet

dream

C2

77.91.68.253:4138

Attributes

auth_value
7b4f26a4ca794e30cee1032d5cb62f5c

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0007000000014141-78.dat

Files

0x0007000000014141-78.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ