redline | da6485e058400a7761010949f7348649[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da6485e058400a7761010949f7348649.bin
Size

50KB
MD5

d90a4110a9b7aabc7880e7bfc129ce91
SHA1

fd10b2d62ad43361611bec0f4eab4494117f05ef
SHA256

24c465ba733d031afe9aaab3935196a15575f3c34afee8bd977aae1f03ff2a1f
SHA512

a999056ccef127bc49423ec14955bf49a85314c1f40951b5f7ca529f75b2563ac0e6a027b5b4cca210a8da4f58ea1e151c51326df1cf6e4706b67805e97836a0
SSDEEP

1536:IgbYm8O6RWH/zdwsef+BFZmw/WGXzcekIT5IA/:hpveWH/zdwsNBFZmw/WGIekIVZ/

Score

10^/10

duper redline

Malware Config

Extracted

Family

redline

Botnet

duper

C2

77.91.68.253:19065

Attributes

auth_value
57e17ebbdb18f4882b95fe05402ef1c8

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/44e307a01e50f04b5d208e568896884d4e4a84e571c58e19c9210f97891af10b.exe

Files

da6485e058400a7761010949f7348649.bin
.zip

Password: infected
44e307a01e50f04b5d208e568896884d4e4a84e571c58e19c9210f97891af10b.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ