redline | 1a474ad073854abf76110d8d2f01797e[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a474ad073854abf76110d8d2f01797e.exe
Size

94KB
MD5

1a474ad073854abf76110d8d2f01797e
SHA1

f1841f7112f2d34bb97487df26b78aa4ecbf0652
SHA256

b982290b6daded567141491a2656e239cc761f189695b179bfe079937cfc592a
SHA512

c47b9957b1648c60aea9c708cbeb66c76850f9ea7463f8d52703ffb728c1bb8f47a46339a34d8bd3e281d5d0a6a5afe1b09a97bff9cf3509ce99a6d6a2c232ad
SSDEEP

1536:zoTx9HNwDE1lDTN1QFzxMgwCrB/atqgdbibEB/l2khoSGe:zoTxFPDTN1QBqgRJatvqEhfh

Score

10^/10

5713798940 redline

Malware Config

Extracted

Family

redline

Botnet

5713798940

C2

https://pastebin.com/raw/NgsUAPya

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a474ad073854abf76110d8d2f01797e.exe

Files

1a474ad073854abf76110d8d2f01797e.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ