redline | 0x00090000000122df-83[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00090000000122df-83.dat
Size

145KB
MD5

770f136b7813db24198ca68efc0a8eec
SHA1

23afc7d9ba5f5b296b6f722dbc3bab91b447c8a4
SHA256

838bd549496b130743c63e2667594dbbd991028d47783bb2e37a3a646f1705fb
SHA512

d6f0cf7da06eea0f733971651241bf309279707567e2e0233c67311e1508571a163e13734b2cb27e900f637d94f7a7f5a8797894cbf5b73316a14bd489600ded
SSDEEP

3072:FV+m5chQmRSZkJaj+5oxvtXwkXh0Za8e8hM:FjE1GnRXh0Q

Score

10^/10

deren redline

Malware Config

Extracted

Family

redline

Botnet

deren

C2

77.91.68.253:19065

Attributes

auth_value
04a169f1fb198bfbeca74d0e06ea2d54

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00090000000122df-83.dat

Files

0x00090000000122df-83.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ