redline | 0x0008000000013a0a-78[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0008000000013a0a-78.dat
Size

145KB
MD5

61089f625af419bfe19fd168c0f822a2
SHA1

04bb2121f94b9ae15dc5a0f0bdc229a3b6717427
SHA256

3d23353c30fbde00444a2fdfa2fb143e403268b1ac0339585be44af3efa7c241
SHA512

4d7245a99e188ea6d5f82b4da3a3a097c58b1e0498a16177e9f9d72bb97a2e20202cb2f32e1896d13c07f7e27c5204aa43b9a5d5c300221289765bc1cf592061
SSDEEP

3072:yV+m5crQmRSR38/OxTH25OjNkphoZR8e8h5:yjCZMgekphoL

Score

10^/10

disa redline

Malware Config

Extracted

Family

redline

Botnet

disa

C2

83.97.73.122:19062

Attributes

auth_value
93f8c4ca7000e3381dd4b6b86434de05

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0008000000013a0a-78.dat

Files

0x0008000000013a0a-78.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ