redline | 1Top[.]exe | Triage

Sharing

General

Target

1Top.exe
Size

172KB
MD5

51b7849db58928fb6c1f1e2a343cd2f0
SHA1

9dfc343901139a7faff5d1591dee8983b24e581b
SHA256

cf4a0d62d7bd3c46708d938cc52e6d0b31c03d53f771a8bba1b7210452aabc69
SHA512

7f3c9b16cd5b9bb175dec2c42f9a602cd06058c51382537fe87f9a099db1e040022922b347e1c2663a1084dc5599d2cd6f0ed828060f834f53a9ee1f8218a1cf
SSDEEP

1536:Q7vfTJ36sv0W7T4/cOkrHMeowBep7jbZUxNdPYQ3Hbux6JLjSArnry0GkRo8e8hu:arn41erqnZUxNqCd1jSArn+r8e8hu

Score

10^/10

rock redline

Malware Config

Extracted

Family

redline

Botnet

rock

C2

135.181.205.149:7724

Attributes

auth_value
844c9fd8e07e55ca504cf4632e859db0

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1Top.exe

Files

1Top.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ