redline | 0x000700000001336a-118[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x000700000001336a-118.dat
Size

172KB
MD5

412b2ec27f1dac325d095ea58f4cd8d0
SHA1

d218bd0958b700e08399ce3559c333f8bb3fcdf3
SHA256

54cbbd188f6aac8a2b8a347bae60596361f8c406cff4c331adb1fc0d6a55c0da
SHA512

8381561407753ae50efa6c7ea3e1164d146084eeb5495eaa23649c90261847050b5ae928d073e1d0255d59248a94444e926e1b1cd7635a0c5164da7f2a7c1498
SSDEEP

3072:WtDp4vP09bHX9xqLxNcO1BR0H3XWjE8e8hk:WdNWoSyH3XWjE

Score

10^/10

lupa redline

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

83.97.73.130:19061

Attributes

auth_value
6a764aa41830c77712442516d143bc9c

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x000700000001336a-118.dat

Files

0x000700000001336a-118.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ