redline | m0484224[.]exe | Triage

Sharing

General

Target

m0484224.exe
Size

173KB
MD5

4070fca4a01fc6b6d0372683dd3034db
SHA1

17950fc0eb382849195c0dad97de3c3fbb42ee5d
SHA256

c183e4480bcddd7d8b82b37477ebda6fb4061d090e64bd68d97a7aafb9d7a423
SHA512

ffcdf72fc0f471e5508f8370ea1abed2bdce9ca757f239259139256b34f8624f3674f5846fcd2a96999fbeab3b36c612cde5cb3320f64ae35c9d123ad3156595
SSDEEP

1536:nmaXrOmFaG36sv0W7TEjrAgrHvYxr+cKmkVe7xNL+YQfzbustpVlUS70GkRU8e8c:TO8aw4LYxdx0e7xNh2fbUS7X8e8hK

Score

10^/10

lodka redline

Malware Config

Extracted

Family

redline

Botnet

lodka

C2

77.91.124.156:19071

Attributes

auth_value
76f99d6cc9332c02bb9728c3ba80d3a9

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
m0484224.exe

Files

m0484224.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ