redline | Facebookexe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Facebookexe.exe
Size

167KB
MD5

09bfe56699530e69987a64e76a21ed3e
SHA1

c1d4c04e79de03460a9255fe0b83b803d5d9630f
SHA256

4f5522bc6738bffae3478c7098bb2297192957b66b51be9506fe6436f07a3c9f
SHA512

26beebd11c71ca8f936d92ca74a854e0b1d38f67a1b14be8d52a891a354e9a44816667deee4431ab97cf7f868788d99e48afeb4d0d8b96ff9c5fcc8f705b10c2
SSDEEP

3072:Npu4V8WYZR7+vd5KtXW8qVqo5IzcTXfO8e8h9:buZY85iJTXfO

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

85.31.54.183:18435

Attributes

auth_value
baa051af390e1a678e6c2a75fdbc2ebd

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Facebookexe.exe

Files

Facebookexe.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ