redline | 08e70ec729eb3e199d3fe8d2dfa8a3bf[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08e70ec729eb3e199d3fe8d2dfa8a3bf.bin
Size

50KB
MD5

32884b986d02b507f30918a517279c78
SHA1

f0fd801f6cc2afa31f1cae2fd14137499ad97ce1
SHA256

6f795bd9c9271a43fe00a1fbf9e1bfd1a2f7ab67d81623b932d839044f5f60b3
SHA512

edff1c2e7a6f7c6cb6907164b1891d912ef0cbd524bbb60eca88859382857baa89b00077734859c0c0e16ad80a4a08cca48e613c1c4a06dfe36d0ee64efbcf6e
SSDEEP

768:6KFef2k2asZSryMxlz7zPq/sdmDuEcAGokjI7lFcMaYo5XTD+:LFzasZyyi/0sdmDAAGokjWcMaYoFK

Score

10^/10

luna redline

Malware Config

Extracted

Family

redline

Botnet

luna

C2

77.91.68.253:4138

Attributes

auth_value
16dec8addb01db1c11c59667022ef7a2

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bffdb6a02070a9f7a166c3bd0827f7388d6de8e9580b683c8b86724a5f2df7c7.exe

Files

08e70ec729eb3e199d3fe8d2dfa8a3bf.bin
.zip

Password: infected
bffdb6a02070a9f7a166c3bd0827f7388d6de8e9580b683c8b86724a5f2df7c7.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ