redline | 0x000600000001472f-93[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x000600000001472f-93.dat
Size

168KB
MD5

25e3f6f94279e2316b01f18fd318e7be
SHA1

6e72bd07b73affed05c4ea00e756aed9c96cdf80
SHA256

35af8926543e85462e96fc42493d37ec3397bdf92a7b4f4aa4c1a7b449a56441
SHA512

30350f0eec446c97e8dccce81fb88b4c782a7ccca484fd1348ddb2b96026819a5afa8784fe77b71875be1829a4fcc2ba0ef56f1af3697c46ae59d6741f1445e9
SSDEEP

3072:CemQ6p8Wc6+yoIyqCqVMEODInQ6FR8e8h5:CemBY6oIyvjGnQ6FR

Score

10^/10

dusa redline

Malware Config

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.126:19046

Attributes

auth_value
ee896466545fedf9de5406175fb82de5

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x000600000001472f-93.dat

Files

0x000600000001472f-93.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ