redline | df7a39c6a0b49b73bb6acd435f073166[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df7a39c6a0b49b73bb6acd435f073166.bin
Size

64KB
MD5

2bbd9b489f9c91e656f4e16dea0edcb4
SHA1

baa51d6981088b4990c48b908cd0a5fae91ce5a5
SHA256

3f137ba994d294f8bf786f772025555019e2971db3f9200af252c124e9e2acd7
SHA512

14d59c0475fb73ad98c0097baa72465b8970329fcb0c9a8317b746a4a4a3a894b0489ac4775eab6b552c24ce9c48656bc4b46f0f495f54debe91585f27ea0166
SSDEEP

1536:vjVeBI3eiPRTKvG4apu9kh36EHF0yxx4DwlDGSy:vcBI3JPleGDf6El0QoSy

Score

10^/10

rocketpro redline

Malware Config

Extracted

Family

redline

Botnet

rocketpro

C2

91.208.52.190:19161

Attributes

auth_value
7a69ba9ffdcd981c2f168c1cf58282e7

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2fa67b1856ac00a4e234816ba09e5339d7649e8f56b42c554b14c7e85e07bbfa.exe

Files

df7a39c6a0b49b73bb6acd435f073166.bin
.zip

Password: infected
2fa67b1856ac00a4e234816ba09e5339d7649e8f56b42c554b14c7e85e07bbfa.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ