redline | i5183044[.]exe | Triage

Sharing

General

Target

i5183044.exe
Size

172KB
MD5

706e0618e20ae80d2a92c23696758425
SHA1

b3cb1f25cce4d8719af8037b63251bf81dde3791
SHA256

922501115a324ac8c178c14b2acde6948de13dba898040abe3cc4e0a7cf69499
SHA512

31310d70f8f4959b10f2b909f587270821ed341cd1ab96a8746dc2514940e0f76c4531ad372352f5bcf551a9ebfcdcacfd841d0e5ea49771e3b564afb9f13d81
SSDEEP

1536:4KtjJ36sv0W7TkVHNrHV85pHXv5BExxNIiYQ7zbuB9bS3HgZQ0GkRQ8e8h9:XJnq385BBBExxN86H3AZQz8e8h9

Score

10^/10

naher redline

Malware Config

Extracted

Family

redline

Botnet

naher

C2

77.91.68.48:19071

Attributes

auth_value
62708e72becb72a24cf8843b46acc6a1

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
i5183044.exe

Files

i5183044.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ