redline | e6f0b2c00879a5ef58f7624f54be2fb2[.]bin | Triage

Sharing

General

Target

e6f0b2c00879a5ef58f7624f54be2fb2.bin
Size

50KB
MD5

59a5fda73f1f7531eff44cb837817c21
SHA1

abd8cf63f9d6cd955a2cd8f7671d6b2f7a8b7796
SHA256

51c41b8bb6c35b0e2cb36d78a6186e2c33adeeaba52ba18e4165022ad4edc559
SHA512

bbab39c92968797e8594a816fa7446bac6729d68871ed1fcf311c93077301aea169ddf97b78a168f758f45743c17ed821f166e42bdbb0a82cdb6a486da528cf9
SSDEEP

768:U0S4UxvHoMIDUJ8CfMCu2hsXl+nx1xlZ1gtGbEjy2+k8U88CYrG4neWcafe+:oHoMI4JBMCYl0xatA2/8sneefe+

Score

10^/10

daza redline

Malware Config

Extracted

Family

redline

Botnet

daza

C2

77.91.124.251:19065

Attributes

auth_value
0bd5963efefdd6409185423d5ca3439c

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9be46950c95355f60502b8a030521aebb667664be17cd7d86bcda25f044deff0.exe

Files

e6f0b2c00879a5ef58f7624f54be2fb2.bin
.zip

Password: infected
9be46950c95355f60502b8a030521aebb667664be17cd7d86bcda25f044deff0.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ