redline | 0x00060000000142c2-93[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00060000000142c2-93.dat
Size

168KB
MD5

cbb40769a667155bb620f636baae0991
SHA1

5978cdd515b1caecccbccbd4a22ba7c6d7429bc1
SHA256

831dec6cde6400253aa32a23df6aa4d5c39548fa9f1c2fffaa8a6c686a2b74c9
SHA512

6c8fea7efec19bfd85a578b88c3c49e7272b7a2f9fe45040f41eb7611cbc7c17b9dc3296118ab7d265f46523bd4c8d4743d7b05c3077187c18864e4acf879ff1
SSDEEP

3072:o3b2AH8WzSEXrWS0qVyMAFWqsvP2mwQM8e8hu:o3b5N/IJ0P2mwQM

Score

10^/10

diza redline

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00060000000142c2-93.dat

Files

0x00060000000142c2-93.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ