redline | 0x00070000000126c3-99[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00070000000126c3-99.dat
Size

168KB
MD5

8b722650e53fb023793cae1bd6dbbedc
SHA1

041e004b76368dbb4076c80a9ecaa64add45842e
SHA256

3185a6ac601f0775f60e5b0ccfd14406037f6baccdf64d91cdbc4bdf7f3c5eaf
SHA512

8429ef9d54f26cadd5adb7e313e0502a1a77d1993a8f5f9597144087fd01e4855c6c1c235e22297d953bde31c2df41e2e94b5e5b7647ab7cc0de3670a05ecfef
SSDEEP

3072:t/F1Pfv8WWAXNodt0BqVgwHJ3AGvo8e8hF:fpgAXWdt0BPQAGvo

Score

10^/10

liza redline

Malware Config

Extracted

Family

redline

Botnet

liza

C2

83.97.73.127:19045

Attributes

auth_value
198e3e9b188d6cfab0a2b0fb100bb7c5

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00070000000126c3-99.dat

Files

0x00070000000126c3-99.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ