redline | 0x0009000000016375-128[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0009000000016375-128.dat
Size

174KB
MD5

750a230c7cd6d810ff7e05c98d23b6f7
SHA1

e68217e7fa35d0cef64b4bf1cb55fcff53d0e794
SHA256

86cd3e7aae4a8a5bbf4980eac68685dc95331b3c90dc8814e79ce760c7d0909d
SHA512

562f34693bcc66ba327a2b9d1e7db9f479e8cb1b93bac3a947fa8afd9c0bd73e9161714beb6a43bf06215da6f513ac8e96bd9ecf8625c5d1310f411acd2b29a7
SSDEEP

3072:9SZeJjHB9I0U6o4uOpN2AKU0BIE00KmH5kGvJk8e8hU:9SZe79I0U6o4D0IE0I5kGvi

Score

10^/10

micky redline

Malware Config

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes

auth_value
748f3c67c004f4a994500f05127b4428

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0009000000016375-128.dat

Files

0x0009000000016375-128.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ