redline | f9133536[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9133536.exe
Size

168KB
MD5

4ed01b70763efcb581c069e310542515
SHA1

49d1886d4dc7490254c3022a8760ee11ed8222c8
SHA256

6ccce38233f377ee1ef375ddc6d0b1cafd119267e579c3181b241650a028049a
SHA512

050b3d4029393bf1551426588cf0f2331c074c35505b6400d9fda010ddbb9f6e26724fc698c58e455dac2b4cbd16130526732ff2342ef6956b94212e5dfd2a7c
SSDEEP

1536:Gi3n6ICpqtqhVZCGWK5JPzz8WJ8surO5gbBvdATGqVIBWbug8DLTGqU584wYkk8X:Gikw038WSHI6BFRqVIgE3jU5h8e8hR

Score

10^/10

dusa redline

Malware Config

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.127:19045

Attributes

auth_value
ee896466545fedf9de5406175fb82de5

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9133536.exe

Files

f9133536.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ