redline | 0x00080000000122f5-94[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00080000000122f5-94.dat
Size

145KB
MD5

cfc84bed48d452038244765adf34aff5
SHA1

cf598bef15157440f9a17dafadd0bc63fa13f01b
SHA256

7835fd425c52010b33c726ee16cb8dcdec33b81edcb169696df82eb00d928d11
SHA512

0b674572b387c73f9fb0ca551fbc5b121c409f693c3ad0735837eb2b672f0a72167bc90966ca5c57a352a25a1d7a8ce1b46cf25a4b1ba9b04bc9457a1e46eef6
SSDEEP

3072:6V+m5cDQmRSgEZtDMucQTzIXNnpjKhUZp8e8hQ:6j6M7csYNnFKhUz

Score

10^/10

maxi redline

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.122:19062

Attributes

auth_value
6a3f22e5f4209b056a3fd330dc71956a

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00080000000122f5-94.dat

Files

0x00080000000122f5-94.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ