redline | f0320362[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0320362.exe
Size

172KB
MD5

95f8dde32c5011dbba0da71378de3bc1
SHA1

9f95821afe5b761c86b030c38cb5ccfcb8db4ba1
SHA256

844b8ed5f36c8105041da5bb2061238104fdd6178b3d89b877978fad4f90d61a
SHA512

a64f1ca4aa5024d896c2aa1867f839089bf4464e2d5123653f281d83cb5dbbdca70a900db7524742b1095033595e3dd81798397500e7f0fd401cdb084af6dc1f
SSDEEP

1536:0LmZSQ36sv0W7T5CJv5rHvbzV1YWWUkm+HLgxNuHYQzBbunsIWs+Rxf0GkRg8e8D:06caQbXzYak3HcxNXwZJs+RxfD8e8hh

Score

10^/10

dana redline

Malware Config

Extracted

Family

redline

Botnet

dana

C2

83.97.73.130:19061

Attributes

auth_value
da2d1691db653e49676d799e1eae2673

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0320362.exe

Files

f0320362.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ