redline | 0x00070000000133cf-94[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00070000000133cf-94.dat
Size

145KB
MD5

e348be0b847d85647b6c199e473e4826
SHA1

54941269e6fe17f3900f83d0ca1895e6e11c5875
SHA256

b8db436f3f397bb03574102cc6f505fd1b0f3aa59cb72d625b866a63f621e3c8
SHA512

9422da2eba0754bfb9f81d487d0b5bc0da6bfef3926d96d5d08b64db91c14033d436c83859d00913a1510ab7b54a79b9de0e9185ed362282c901ca71d758b9d1
SSDEEP

3072:UV+m5crQmRSR38rxlj2swwNmW48IqBh1ZB8e8hp:UjCZrxILwNkqBh1r

Score

10^/10

lura redline

Malware Config

Extracted

Family

redline

Botnet

lura

C2

83.97.73.127:19062

Attributes

auth_value
a32643486616d3c1378d2ef55bc4a5af

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00070000000133cf-94.dat

Files

0x00070000000133cf-94.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ