redline | test[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test.zip
Size

61KB
MD5

511b0ce1997c94f44bbbc4f17cbc6afe
SHA1

1d4c09e55b9d6aa44830af3c0f4d5732ab60451e
SHA256

bf0e0d3a9bfde1fadc84bfc94b8bc61b76b476eea4e3d3388038c0b80109079b
SHA512

848c3ece3cd71a2f5bb754b11d89b193b226fcf36e6b071f2f9c6d9ac16fd43a5b3d20a0ef1d607ce8b0201bf723b8aee854d9dd52bbd9d4fe7665c3fb207c9c
SSDEEP

1536:FmiS1tTzIKQ+r37Iv84nD9n9vcRHCPR+RQAMN8B4l:FmipKQ+r3sbpnNRM1B6

Score

10^/10

x redline

Malware Config

Extracted

Family

redline

Botnet

X

C2

5.161.205.68:24668

Attributes

auth_value
fe40c225330fc1a0dcb6cd2b4f18ccce

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/400000.vbc.exe

Files

test.zip
.zip

Password: infected!
400000.vbc.exe
.exe windows x86

Password: infected!

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ