redline | 0x00070000000133d2-107[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00070000000133d2-107.dat
Size

172KB
MD5

cd56e8941c4d6daa0315d02c4315def8
SHA1

2a05fe320e4fb39549c109a9d13d39260265070e
SHA256

1cc3605d0111df003e86127204b7b5bf5a9ca87c2d52fc8e5a280f9df867624e
SHA512

59d6ef66386c4a06468bd62696c6ac4b14db0150dcec7979316243a8eac9573def1742a7e83cd2835c84213e925755284ab5bdf495f1aee6e25b7674655bdc71
SSDEEP

3072:PZ+q6hVbwIxxiIDg8qAxNKcbMhQ4k9o8e8hi:PZ+q6P7ihjB654k9o

Score

10^/10

diza redline

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.130:19061

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00070000000133d2-107.dat

Files

0x00070000000133d2-107.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ