redline | f0141825[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0141825.exe
Size

172KB
MD5

a1008864818406e2c029bcd9f7507f64
SHA1

778fc0dffe55b736d120ce041a7aafd3f6101a41
SHA256

21ead355cf62364f09d3a3285e02cc8a7bb5f8e8181b33e08002aad830fa4771
SHA512

a17c577a22177a0ca94ca98c22e79c6681f3bc3621d4ec104464f40e48ac90d2c86a38908e437dc55538d24533fc1d3e3fc93da2634caa3df32b3f5796f45af7
SSDEEP

1536:0LmZSQ36sv0W7T5CJv5rHvbzV1YWWUkm+HLgxNuHYQzBbunsIWs+Rxf0GkRg8e8D:06caQbXzYak3HcxNXwZJs+RxfD8e8hh

Score

10^/10

dana redline

Malware Config

Extracted

Family

redline

Botnet

dana

C2

83.97.73.130:19061

Attributes

auth_value
da2d1691db653e49676d799e1eae2673

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0141825.exe

Files

f0141825.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ