redline | file[.]exe | Triage

Sharing

General

Target

file.exe
Size

172KB
MD5

0e99a4bbb57cb77d09f736631cb3a8f7
SHA1

110b4f06490258a3e1f408ad5c4014922264cf03
SHA256

f767afef9083aed521760649129fae272dfe30f66c9922ca4529533bb81d0612
SHA512

bbbdcc6dbd545668f65ba952345fef6abbc3c83272fdb2fcb7a048ea99a3fee7092033ddad2c3a14d2af975e1088dfa75fb4c8e4c1baed84e22d2f1e25628401
SSDEEP

3072:g+Mic4AlDnNh8x75xNU0Mav587Hl1/8e8hC:g+0DwRSoh87Hl1/

Score

10^/10

rt6 redline

Malware Config

Extracted

Family

redline

Botnet

rt6

C2

185.225.74.51:44767

Attributes

auth_value
5e8a576e14125b66ea64a9ea144b4fb9

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ