redline | 0x0008000000013a42-78[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0008000000013a42-78.dat
Size

168KB
MD5

87d8db41bf0a530429ac3f07e1782be3
SHA1

c91e4dbd4f2083e83670cc2a69d221e66f2cff15
SHA256

26974847e49e8f2be5525f4b6653d4692bf286099b8bc39d0a4f7f5b63abcef9
SHA512

332da413d431493885973419e7ddab1e9e4f597f449abaa0fadd3d653d8a29c061a3ea73dba84007ef8f65a302110172a20e7fcc3891fea7947ed166dd18361c
SSDEEP

3072:JIo28us8Wk2L1Uo+qVAw9v4IzKiE8e8hC:d28oEOo+HdIzKiE

Score

10^/10

dars redline

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

auth_value
7cd208e6b6c927262304d5d4d88647fd

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0008000000013a42-78.dat

Files

0x0008000000013a42-78.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ