redline | 0x0007000000015c2f-101[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0007000000015c2f-101.dat
Size

174KB
MD5

900ac2e04312c976f012c5ea8a5af075
SHA1

af9667e4ced628a7facbff44b818a5e9e78e46d0
SHA256

cc3b003b2ff3e89702cbe259fff17aee22051ca89690826794c41e782ff289a8
SHA512

6299ec3b01967a294df6c893dbb00097bf9a3b277c04ea4f9ce9286ad894e8c9e2735cc0600b721c7b16ecc5b5b646c0fdc3617ef200a96c0d83dbd9678e2ec5
SSDEEP

3072:9SZeJjHB9I0U6o4uOpN2AKU0BIE00KmH5kGvJk8e8hU:9SZe79I0U6o4D0IE0I5kGvi

Score

10^/10

micky redline

Malware Config

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes

auth_value
748f3c67c004f4a994500f05127b4428

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0007000000015c2f-101.dat

Files

0x0007000000015c2f-101.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ