redline | 0x0004000000000741-152[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0004000000000741-152.dat
Size

145KB
MD5

ea13348d476d69f33dfebd53eedfbd01
SHA1

3c5debc0dd20a312a96511d4af1cf6fa51c65f3b
SHA256

551520e2ea5ce4e58ce3fdb83b594cf27c9d05bd56a6d56a707639b5d629b607
SHA512

2af6069bcacb53d7f38f9485aec364ba9be7f078020cf0f60e52123ae8fa550f9a59e1e2100f0b8a4a9b6a5ad296ea03a99f075a66e4f7780e17c85385f206c8
SSDEEP

3072:cV+m5c/QmRSNwIO1mn30DwaFehPZl8e8hu:cj20kDTehPP

Score

10^/10

diza redline

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.122:19062

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0004000000000741-152.dat

Files

0x0004000000000741-152.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ