redline | 0x0006000000014fff-117[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000014fff-117.dat
Size

145KB
MD5

8760a9046d942b0182c8dab168b3f019
SHA1

d885a3d1dc4b628086e79b1bdc5df2e89646c745
SHA256

615b58f2fc51bd4d89a423f257f6045d4f850fd14479adbb3360efcdf178aaba
SHA512

e5762ea34380b26d1b03dd24263f198cce2b6454479e74f0ac1de96a87d9312138e1369c81d79a9975b4387d416a02bd9fa31ec329a3c9e2038a9332380d4622
SSDEEP

3072:6V+m5cDQmRSgEZtDMucQTzIXNnpjKhUZp8e8hQ:6j6M7csYNnFKhUz

Score

10^/10

maxi redline

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.122:19062

Attributes

auth_value
6a3f22e5f4209b056a3fd330dc71956a

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0006000000014fff-117.dat

Files

0x0006000000014fff-117.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ